# | VER | L/R | AUTH | S | REPORTED | TYPE | DESCRIPTION |
01 | 10.9.x-S??? | L | N | N | 09/??/2006 | permissions | world readable modsecparse.pl contains modsec db user/pass |
02 | 10.9.x-S??? | L | N | Y | 09/??/2006 | symlink | overwrite any single file via modsecparse.pl once an hour |
03 | 10.9.x-S??? | L | N | N | 09/??/2006 | permissions | world readable modsec.user.conf when installed via WHM |
04 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
05 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
06 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
07 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
08 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
09 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
10 | 10.9.0-S119 | L | Y,N | N | 03/14/2007 | permissions | random world readable /etc/proftpd files, including non-cPanel user hashes |
11 | ? | - | - | N | 06/??/2007 | info leak | addon domain password logged to the cPanel access_log |
12 | 11.11.0-C16774 | R | N | N | 09/05/2007 | XSS | tweakcphulk.cgi XSS |
13 | 11.11.0-S16789 | L | Y | N | 09/07/2007 | symlink | resellers could overwrite or create any file via ~/.sharedcrtname |
14 | 11.11.0-S16999 | L | Y | N | 10/01/2007 | design issue | cPanel logging bypass |
15 | 11.15.0-R17853 | L | N | Y | 11/03/2007 | race condition | easyapache Utils.pm race condition |
16 | ? | L | Y | N | unreported | symlink | overwrite any file via ~/.cpanel-datastore dig and mysql files |
17 | 11.15.0-R17853 | L | Y | N | 11/18/2007 | symlink | view first line of any file via ~/.contactemail |
18 | 11.15.0-R17853 | L | N | N | 11/18/2007 | XSS | /scripts2/top XSS |
19 | 11.15.0-R17853 | L | N | N | 11/18/2007 | XSS | /scripts/simpleps XSS |
20 | 11.15.0-R17853 | L | Y | N | 11/18/2007 | symlink | view any file via ~/.sharedcrtname |
21 | 11.15.0-R18420 | L | N | N | 12/13/2007 | symlink | view any line from /etc/shadow via mailroutewrap |
22 | ? | - | - | N | 02/08/2008 | info leak | plain text root password logged to cPanel access_log |
23 | 11.18.1-E20683 | L | Y | N | 02/14/2008 | design issue | hijack DNS zone of server via Modify An Account |
24 | 11.19.0-E20931 | L | Y | N | 02/19/2008 | design issue | install SSL cert of server |
25 | 11.19.0-E20931 | L | Y | N | 02/19/2008 | design issue | overwrite crt, key, and csr of server |
26 | 11.19.1-D21586 | L | Y | N | 03/08/2008 | symlink | access any cPanel/WHM account via Horde + cPanel flaws |
27 | ? | L | Y | N | 03/16/2008 | XSS | /scripts/suspendlist XSS |
28 | ? | L | Y | N | 03/17/2008 | XSS | /scripts2/getssldata XSS |
29 | 11.18.3-S21703 | L | Y | N | 03/19/2008 | design issue | cPanel access_log username logging bypass |
30 | 11.18.3-S21703 | R | N | N | 03/21/2008 | info leak | remotely obtain cPanel username |
31 | ? | L | N | N | 04/07/2008 | design issue | obtain WHM usernames and passwords via hijacking the unprivileged cPanel ports |
32 | 11.22.0-B23297 | L | Y | N | 04/11/2008 | design issue | hijack zone, snoop SSL key |
33 | 11.18.3-C23661 | L | N | N | 04/23/2008 | permissions | ClamAV insecure permissions |
34 | 11.23.1-E24268 | L | N | N | 05/11/2008 | symlink | bytes_log DoS |
35 | 11.23.1-E24268 | L | Y | N | 05/14/2008 | symlink | theme overwrite |
36 | 11.23.1-E24268 | L | Y | N | 05/14/2008 | symlink | validate file existence |
37 | 11.23.1-E24526 | L | Y | N | 05/19/2008 | symlink | insecure openssl .rnd file |
38 | 11.23.1-E24773 | L | - | N | 05/22/2008 | design issue | cPanel daemons insecure $PATH |
39 | 11.23.1-E24773 | - | - | N | 05/26/2008 | XSS | cPanel download XSS |
40 | 11.23.4-E26139 | L | N | Y | 07/28/2008 | symlink | suexec bypass (entropysearch.cgi) |
41 | 11.23.4-E26139 | L | N | N | 08/01/2008 | symlink | suexec bypass (guestbook.cgi) |
42 | 11.23.4-C26138 | L | N | N | 08/06/2008 | symlink | insecure PEAR implementation |
43 | 11.23.6-E26881 | L | Y | N | 08/29/2008 | design issue | uid and gid reuse issues |
44 | 11.24.7-B34914 | L | N | Y | 03/29/2009 | design issue | /scripts/fixperlscript runs 'perl -c' as root |
45 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | owning virtfs |
46 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | resellers can create root owned accounts |
47 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | resellers can create resellers |
48 | 11.24.7-E35784 | L | Y | N | 05/08/2009 | design issue | fun with getgrnam() |
49 | 11.25.0-E44589 | L | Y | N | 04/??/2010 | symlink | multiple local roots when uninstalling FrontPage |
50 | 11.25.0-E44589 | L | Y | N | 04/??/2010 | permissions | view /etc/shadow when terminating or modifying account |
51 | 11.25.0-E44589 | R | N | N | 04/??/2010 | DoS | remotely consume excessive CPU and memory via Exim |
Trivial | very minor issues |
Low | XSS, info leaks |
Medium | destructive actions, access others' accounts |
High | local root (auth required), /root/.accesshash, /etc/shadow access |
Less Critical | local root (no auth required) |
Critical | remote root (no auth required) |
L/R | Local/Remote |
Auth | Authentication required |
S | Bug found via source code review |