CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2012-1557
https://notcve.org/view.php?id=CVE-2012-1557
12 Mar 2012 — SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. Vulnerabilidad de inyección SQL en admin/plib/api-rpc/Agent.php de Parallels Plesk Panel 7.x y 8.x anteriores a 8.6 MU#2, 9.x anteriores a 9.5 MU#11, 10.0.x anteriores... • http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4725
https://notcve.org/view.php?id=CVE-2011-4725
16 Dec 2011 — Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files. Múltiples vulnerabilidades de inyección SQL en el panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 permiten a usuarios remotos ejecutar comandos SQL de su elección a través de datos de entrada modif... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4732
https://notcve.org/view.php?id=CVE-2011-4732
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 om... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4726
https://notcve.org/view.php?id=CVE-2011-4726
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18. Permite a atacantes remotos inyectar codigo de... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4731
https://notcve.org/view.php?id=CVE-2011-4731
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 incluye una dirección IP RFC 1918 dentro de una página web, lo que permite a atacantes remotos obtener información confidencial le... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4733
https://notcve.org/view.php?id=CVE-2011-4733
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4730
https://notcve.org/view.php?id=CVE-2011-4730
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 genera un campo de formulario de contraseña sin deshabilitar el autocompl... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4729
https://notcve.org/view.php?id=CVE-2011-4729
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para una coo... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4727
https://notcve.org/view.php?id=CVE-2011-4727
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no valida apropiadamente datos de ... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4728
https://notcve.org/view.php?id=CVE-2011-4728
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no habilita la etiqueta "secure" para una cookie de sesión https, lo que facil... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •