cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2.
Deserialization of Untrusted Data vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS Edition allows Object Injection. This issue affects Small Package Quotes – USPS Edition: from n/a through 1.3.9.
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Microsoft SharePoint Server Remote Code Execution Vulnerability
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.