TSR 2013-0010 Full Disclosure

Case 69513. Summary: World-writable Logaholic directories allowed arbitrary code execution in varied contexts. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: Multiple directories within /usr/local/cpanel/base/3rdparty/Logaholic were set world writable by default with permissions of 777. These directories contained, among other items, the global configuration […]


cPanel – Security Advisory CVE-2013-4113 and CVE-2013-4248

SUMMARY: The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache 3.22.5 with this updated version of PHP 5.4.18 to address this issue. AFFECTED VERSIONS: All versions of […]


cPanel – Security Advisory 2013-07-23 – Multiple CVEs

SUMMARY: The Apache HTTPD Server Project has released httpd-2.2.25 and httpd-2.4.6 to correct multiple vulnerabilities that were issued CVEs. Apache HTTP Server 2.2.25: CVE-2013-1896 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body […]
