Section: Security

Featured Item

cPanel TSR-2014-0008 Full Disclosure

Case 114917. Summary: Resellers could delete feature lists they did not own. Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability. Description: The check for ownership of a feature list was not functioning properly and allowed a reseller with limited ACLs to delete …

Posted in: News, Security

cPanel TSR-2014-0008 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169

CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …

Posted in News, Security

cPanel TSR-2014-0007 Full Disclosure

Case 109049. Summary: Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a …

Posted in News, Security

cPanel TSR-2014-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel TSR-2014-0006 Full Disclosure

Case 108965. Summary: Bypass of account suspension via mod_userdir. Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability. Description: The fix for case 101677 in TSR-2014-0005 introduced a regression in account suspensions that allowed the web content of a suspended account to be viewed normally via …

Posted in News, Security

cPanel TSR-2014-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel TSR-2014-0005 Full Disclosure

Case 93317. Summary: Limited SQL injection vulnerability in LeechProtect. Security Rating: cPanel has assigned a Security Level of Minor to this vulnerability. Description: The LeechProtect subsystem built into cPanel & WHM systems allows a website owner to disable HTTP logins for accounts that log in from too many distinct IP …

Posted in News, Security

cPanel TSR-2014-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel TSR-2014-0004 Full Disclosure

Case 78301. Summary: Correct patch for CVE-2002-1575 in cgiemail. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: cPanel & WHM includes a copy of Bruce Lewis’ cgiemail version 1.6. This version of cgiemail was vulnerable to CVE-2002-1575, allowing remote unauthenticated attackers to send email …

Posted in News, Security