Section: Security

Featured Item

cPanel TSR-2014-0007 Full Disclosure

Case 109049. Summary: Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within …

Posted in: News, Security

cPanel TSR-2014-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …

Posted in News, Security

cPanel TSR-2014-0006 Full Disclosure

Case 108965. Summary: Bypass of account suspension via mod_userdir. Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability. Description: The fix for case 101677 in TSR-2014-0005 introduced a regression in account suspensions that allowed the web content of a suspended account to be viewed normally via …

Posted in News, Security

cPanel TSR-2014-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel TSR-2014-0005 Full Disclosure

Case 93317. Summary: Limited SQL injection vulnerability in LeechProtect. Security Rating: cPanel has assigned a Security Level of Minor to this vulnerability. Description: The LeechProtect subsystem built into cPanel & WHM systems allows a website owner to disable HTTP logins for accounts that log in from too many distinct IP …

Posted in News, Security

cPanel TSR-2014-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel TSR-2014-0004 Full Disclosure

Case 78301. Summary: Correct patch for CVE-2002-1575 in cgiemail. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: cPanel & WHM includes a copy of Bruce Lewis’ cgiemail version 1.6. This version of cgiemail was vulnerable to CVE-2002-1575, allowing remote unauthenticated attackers to send email …

Posted in News, Security

cPanel TSR-2014-0004 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

Heartbleed Vulnerability Information

cPanel Security Team: Heartbleed Vulnerability. Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. Through a flaw in OpenSSL’s implementation of the heartbeat extension, this vulnerability allows an attacker to read 64 kilobyte chunks of memory from servers and clients that connect using SSL.

Posted in News, Security

cPanel TSR 2014-0003 Full Disclosure

Case 85329. Summary: Sensitive information disclosed via multiple log files. Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability. Description: Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces …

Posted in News, Security