CVE-2019-20495
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
Source: CVE-2019-20495
CVE-2019-20496
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
Source: CVE-2019-20496
CVE-2020-10114
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
Source: CVE-2020-10114
CVE-2019-20492
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
Source: CVE-2019-20492
CVE-2019-20493
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
Source: CVE-2019-20493
CVE-2019-20490
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
Source: CVE-2019-20490
CVE-2018-18576
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.
Source: CVE-2018-18576
CVE-2018-21037
Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI.
Source: CVE-2018-21037
CVE-2019-11074
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.
Source: CVE-2019-11074
CVE-2019-20452
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
Source: CVE-2019-20452