The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-18489 | The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. | MEDIUM | Aug 16, 2019 |
| CVE-2017-18488 | The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. | MEDIUM | Aug 15, 2019 |
| CVE-2017-18487 | The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. | MEDIUM | Aug 15, 2019 |
| CVE-2017-18486 | Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user. | MEDIUM | Aug 19, 2019 |
| CVE-2017-18485 | Cognitoys Dino devices allow profiles_add.html CSRF. | MEDIUM | Aug 15, 2019 |
| CVE-2017-18484 | Cognitoys Dino devices allow XSS via the SSID. | MEDIUM | Aug 15, 2019 |
| CVE-2017-18483 | ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. | MEDIUM | Aug 14, 2019 |
| CVE-2017-18482 | cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18481 | cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | LOW | Aug 7, 2019 |
| CVE-2017-18480 | cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18479 | In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18478 | In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18477 | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18476 | Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18475 | In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18474 | cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18473 | cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | LOW | Aug 7, 2019 |
| CVE-2017-18472 | cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | MEDIUM | Aug 7, 2019 |
| CVE-2017-18471 | cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | LOW | Aug 7, 2019 |
| CVE-2017-18470 | cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18469 | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18468 | cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18467 | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18466 | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18465 | cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | LOW | Aug 12, 2019 |
| CVE-2017-18464 | cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18463 | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | HIGH | Aug 6, 2019 |
| CVE-2017-18462 | cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | MEDIUM | Aug 12, 2019 |
| CVE-2017-18461 | cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18460 | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | HIGH | Aug 7, 2019 |
| CVE-2017-18459 | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | HIGH | Aug 7, 2019 |
| CVE-2017-18458 | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | LOW | Aug 6, 2019 |
| CVE-2017-18457 | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | MEDIUM | Aug 9, 2019 |
| CVE-2017-18456 | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18455 | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18454 | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | LOW | Aug 6, 2019 |
| CVE-2017-18453 | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | MEDIUM | Aug 6, 2019 |
| CVE-2017-18452 | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | MEDIUM | Aug 14, 2019 |
| CVE-2017-18451 | cPanel before 64.0.21 allows attackers to read a user\'s crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | MEDIUM | Aug 6, 2019 |
| CVE-2017-18450 | cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18449 | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | LOW | Aug 8, 2019 |
| CVE-2017-18448 | cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18447 | cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18446 | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | Medium | Aug 8, 2019 |
| CVE-2017-18445 | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18444 | cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18443 | cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | MEDIUM | Aug 8, 2019 |
| CVE-2017-18442 | cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | MEDIUM | Aug 7, 2019 |
| CVE-2017-18441 | cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | MEDIUM | Aug 7, 2019 |
| CVE-2017-18440 | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | MEDIUM | Aug 6, 2019 |
