cPanel TSR-2017-0005 Full Disclosure

cPanel TSR-2017-0005 Full Disclosure SEC-276 Summary SQL injection in eximstats processing. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Description When processing eximstats updates in buffered mode, errors in the SQL operations cause the updates to be reprocessed one statement at a time. The logic Continue Reading

cPanel TSR-2017-0004 Full Disclosure

cPanel TSR-2017-0004 Full Disclosure SEC-263 Summary Stored XSS during WHM cPAddons install. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 3.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N Description It was possible for an attacker to actively inject HTML into the WHM cPAddons screen during a moderated install. Credits This issue was discovered Continue Reading

cPanel TSR-2017-0002 Full Disclosure

cPanel TSR-2017-0002 Full Disclosure SEC-208 Summary Addon domain conversion did not require a package for resellers. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 2.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L Description Previously, when you converted an addon domain to a normal account, it was not required that a reseller specify a Continue Reading

cPanel TSR-2016-0004 Full Disclosure

cPanel TSR-2016-0004 Full Disclosure SEC-130 Summary Apache logfiles start with loose permissions. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 2.1 (AV:L/AC:L/Au:S/C:P/I:N/A:N) Description The Apache domlogs were originally populated with loose permissions during creation. Credits This issue was discovered by the cPanel Security Team. Solution This issue Continue Reading

cPanel TSR-2016-0002 Full Disclosure

cPanel TSR-2016-0002 Full Disclosure SEC-31 Summary Daemons can access their controlling TTY. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C) Description Daemonized code is not fully detached from from its parent process. This allows an attacker to control a TTY they do not own. Credits Continue Reading

>