CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image upload section.
Source: CVE-2020-10596
[월:] 2020년 03월
CVE-2020-10119
CVE-2020-10119
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
Source: CVE-2020-10119
CVE-2020-10118
CVE-2020-10118
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
Source: CVE-2020-10118
CVE-2020-10116
CVE-2020-10116
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
Source: CVE-2020-10116
CVE-2020-10117
CVE-2020-10117
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
Source: CVE-2020-10117
CVE-2020-10115
CVE-2020-10115
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
Source: CVE-2020-10115
CVE-2020-10113
CVE-2020-10113
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
Source: CVE-2020-10113
CVE-2019-20497
CVE-2019-20497
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
Source: CVE-2019-20497
CVE-2019-20498
CVE-2019-20498
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
Source: CVE-2019-20498
CVE-2019-20494
CVE-2019-20494
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
Source: CVE-2019-20494