cPanel


| # | VER | L/R | AUTH | S | REPORTED | TYPE | DESCRIPTION |
|---|---|---|---|---|---|---|---|
| 01 | 10.9.x-S??? | L | N | N | 09/??/2006 | permissions | world readable modsecparse.pl contains modsec db user/pass |
| 02 | 10.9.x-S??? | L | N | Y | 09/??/2006 | symlink | overwrite any single file via modsecparse.pl once an hour |
| 03 | 10.9.x-S??? | L | N | N | 09/??/2006 | permissions | world readable modsec.user.conf when installed via WHM |
| 04 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 05 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 06 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 07 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 08 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 09 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 10 | 10.9.0-S119 | L | Y,N | N | 03/14/2007 | permissions | random world readable /etc/proftpd files, inc. non cp user hashes |
| 11 | ? | - | - | N | 06/??/2007 | info leak | addon domain password logged to the cPanel access_log |
| 12 | 11.11.0-C16774 | R | N | N | 09/05/2007 | XSS | tweakcphulk.cgi XSS |
| 13 | 11.11.0-S16789 | L | Y | N | 09/07/2007 | symlink | resellers could overwrite or create any file via ~/.sharedcrtname |
| 14 | 11.11.0-S16999 | L | Y | N | 10/01/2007 | design issue | cPanel logging bypass |
| 15 | 11.15.0-R17853 | L | N | Y | 11/03/2007 | race condition | easyapache Utils.pm race condition |
| 16 | ? | L | Y | N | unreported | symlink | overwrite any file via ~/.cpanel-datastore dig and mysql files |
| 17 | 11.15.0-R17853 | L | Y | N | 11/18/2007 | symlink | view first line of any file via ~/.contactemail |
| 18 | 11.15.0-R17853 | L | N | N | 11/18/2007 | XSS | /scripts2/top XSS |
| 19 | 11.15.0-R17853 | L | N | N | 11/18/2007 | XSS | /scripts/simpleps XSS |
| 20 | 11.15.0-R17853 | L | Y | N | 11/18/2007 | symlink | view any file via ~/.sharedcrtname |
| 21 | 11.15.0-R18420 | L | N | N | 12/13/2007 | symlink | view any line from /etc/shadow via mailroutewrap |
| 22 | ? | - | - | N | 02/08/2008 | info leak | plain text root password logged to cPanel access_log |
| 23 | 11.18.1-E20683 | L | Y | N | 02/14/2008 | design issue | hijack DNS zone of server via Modify An Account |
| 24 | 11.19.0-E20931 | L | Y | N | 02/19/2008 | design issue | install ssl cert of server |
| 25 | 11.19.0-E20931 | L | Y | N | 02/19/2008 | design issue | overwrite crt, key, and csr of server |
| 26 | 11.19.1-D21586 | L | Y | N | 03/08/2008 | symlink | access any cPanel/WHM account via Horde + cPanel flaws |
| 27 | ? | L | Y | N | 03/16/2008 | XSS | /scripts/suspendlist XSS |
| 28 | ? | L | Y | N | 03/17/2008 | XSS | /scripts2/getssldata XSS |
| 29 | 11.18.3-S21703 | L | Y | N | 03/19/2008 | design issue | cPanel access_log username logging bypass |
| 30 | 11.18.3-S21703 | R | N | N | 03/21/2008 | info leak | remotely obtain cPanel username |
| 31 | ? | L | N | N | 04/07/2008 | design issue | obtain WHM usernames and passwords via hijacking the unpriv cPanel ports |
| 32 | 11.22.0-B23297 | L | Y | N | 04/11/2008 | design issue | hijack zone, snoop SSL key |
| 33 | 11.18.3-C23661 | L | N | N | 04/23/2008 | permissions | ClamAV insecure permissions |
| 34 | 11.23.1-E24268 | L | N | N | 05/11/2008 | symlink | bytes_log DoS |
| 35 | 11.23.1-E24268 | L | Y | N | 05/14/2008 | symlink | theme overwrite |
| 36 | 11.23.1-E24268 | L | Y | N | 05/14/2008 | symlink | validate file existence |
| 37 | 11.23.1-E24526 | L | Y | N | 05/19/2008 | symlink | insecure openssl .rnd file |
| 38 | 11.23.1-E24773 | L | - | N | 05/22/2008 | design issue | cPanel daemons insecure $PATH |
| 39 | 11.23.1-E24773 | - | - | N | 05/26/2008 | XSS | cPanel download XSS |
| 40 | 11.23.4-E26139 | L | N | Y | 07/28/2008 | symlink | suexec bypass (entropysearch.cgi) |
| 41 | 11.23.4-E26139 | L | N | N | 08/01/2008 | symlink | suexec bypass (guestbook.cgi) |
| 42 | 11.23.4-C26138 | L | N | N | 08/06/2008 | symlink | insecure PEAR implementation |
| 43 | 11.23.6-E26881 | L | Y | N | 08/29/2008 | design issue | uid and gid reuse issues |
| 44 | 11.24.7-B34914 | L | N | Y | 03/29/2009 | design issue | /scripts/fixperlscript runs 'perl -c' as root |
| 45 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | owning virtfs |
| 46 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | resellers can create root owned accounts |
| 47 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | resellers can create resellers |
| 48 | 11.24.7-E35784 | L | Y | N | 05/08/2009 | design issue | fun with getgrnam() |
| 49 | 11.25.0-E44589 | L | Y | N | 04/??/2010 | symlink | multiple local roots when uninstalling FrontPage |
| 50 | 11.25.0-E44589 | L | Y | N | 04/??/2010 | permissions | view /etc/shadow when terminating or modifying account |
| 51 | 11.25.0-E44589 | R | N | N | 04/??/2010 | DoS | remotely consume excessive CPU and mem via Exim |




Trivial: very minor issues
Low: XSS, info leaks
Medium: destructive actions, access others' accounts
High: local root (auth required), /root/.accesshash, /etc/shadow access
Less Critical: local root (no auth required)
Critical: remote root (no auth required)

L/R: Local/Remote
Auth: Authentication required
S: Bug found via source code review