Section: Security

Featured Item

cPanel TSR-2015-0002 Full Disclosure

SEC-2. Summary: Multiple vulnerabilities via ExpVar overexpansion. Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N). Description: The WHM, cPanel, and Webmail interfaces use a common routine named “expvar” for interpolating user input and some cPanel template variables. In many interfaces, this …

Posted in: News, Security

cPanel TSR-2015-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores …

Posted in News, Security

cPanel TSR-2015-0001 Full Disclosure

SEC-1. Summary: Arbitrary code could be executed as other accounts with RUID2/ITK enabled. Security Rating: cPanel has assigned this vulnerability a CVSSv2 score of 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N). Description: The WHM “Apache mod_userdir Tweak” interface incorrectly allowed the exclusion of specific users from userdir protection when mod_ruid2 or MPM-ITK was in use …

Posted in News, Security

cPanel TSR-2015-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

Scheduled TSR Cycles

Throughout 2014, the cPanel Security Team has worked with security researchers through cPanel’s Security Bounty program. We try to deliver fixes to issues these security researchers have discovered, along with fixes for issues discovered by cPanel’s internal code audits, in regular two-month cycles. The intent of these scheduled TSRs has …

Posted in News, Security

cPanel TSR-2014-0008 Full Disclosure

Case 114917. Summary: Resellers could delete feature lists they did not own. Security Rating: cPanel has assigned a Security Level of Moderate to this vulnerability. Description: The check for ownership of a feature list was not functioning properly and allowed a reseller with limited ACLs to delete feature lists that …

Posted in News, Security

cPanel TSR-2014-0008 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security

cPanel Security Team: Bash CVE-2014-6217 and CVE-2014-7169

CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …

Posted in News, Security

cPanel TSR-2014-0007 Full Disclosure

Case 109049. Summary: Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a …

Posted in News, Security

cPanel TSR-2014-0007 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

Posted in News, Security