Friday, November 15, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (20 items)


New vulnerabilities from the NVD: CVE-2016-10774

cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10773

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10772

cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10770

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10769

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10768

cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
Published at: August 05, 2019 at 04:15PM

August 05, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10766 (edx-platform)

edx-platform before 2016-06-06 allows CSRF.
Published at: July 29, 2019 at 08:15PM

August 05, 2019 at 07:54PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10782

cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10781

cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10780

cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10779

cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10778

cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10777

cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10776

cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
Published at: August 06, 2019 at 04:15PM

August 06, 2019 at 05:53PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9291 (cpanel)

cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
Published at: August 01, 2019 at 06:15PM

August 07, 2019 at 08:08PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-5297 (pixman)

An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.
Published at: August 01, 2019 at 02:15AM

August 07, 2019 at 08:08PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8184 (liblouis)

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.
Published at: August 02, 2019 at 04:15PM

August 08, 2019 at 10:07PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9292

6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
Published at: August 09, 2019 at 12:15AM

August 09, 2019 at 02:07AM

via National Vulnerability Database

