cPanel TSR-2018-0002 Full Disclosure SEC-338 Summary Arbitrary file chmod during legacy incremental backups. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N Description It was po…
cPanel TSR-2018-0002 Full Disclosure Read More »
cPanel TSR-2018-0002 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers v…
cPanel TSR-2018-0002 Announcement Read More »
cPanel TSR-2018-0001 Full Disclosure SEC-308 Summary SRS secret revealed in exim.conf. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Description When the experimental SRS optio…
cPanel TSR-2018-0001 Full Disclosure Read More »
cPanel TSR-2018-0001 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers v…
cPanel TSR-2018-0001 Announcement Read More »
cPanel TSR-2018-0001, originally scheduled for Monday January 15 2018, has been delayed one week and is now scheduled for release on Monday January 22 2018. The full disclosure for this TSR is now scheduled for Tuesday January 23 2018.
cPanel TSR-2018-0001 Publication Delay Read More »
cPanel TSR-2017-0006 Full Disclosure SEC-236 Summary Add ‘ssl’ to the list of reserved usernames. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 2.4 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Description When cre…
cPanel TSR-2017-0006 Full Disclosure Read More »
cPanel TSR-2017-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers v…
cPanel TSR-2017-0006 Announcement Read More »
cPanel TSR-2017-0005 Full Disclosure SEC-276 Summary SQL injection in eximstats processing. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Description When processing eximstats updates in buffered mode, errors in the SQL operations cause the updates to be reprocessed one statement at a time. The logic …
cPanel TSR-2017-0005 Full Disclosure Read More »
cPanel TSR-2017-0005 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores …
cPanel TSR-2017-0005 Announcement Read More »
cPanel TSR-2017-0004 Full Disclosure SEC-263 Summary Stored XSS during WHM cPAddons install. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 3.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N Description It was possible for an attacker to actively inject HTML into the WHM cPAddons screen during a moderated install. Credits This issue was discovered …
cPanel TSR-2017-0004 Full Disclosure Read More »
