CVE-2006-6451 – Plesk 7.5/8.0 - 'get_password.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6451
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SWsoft Plesk 8.0.1 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante parámetros no especificados en (1) get_password.php ó (2) login_up.php3. • https://www.exploit-db.com/exploits/29017 https://www.exploit-db.com/exploits/29018 http://marc.info/?l=bugtraq&m=116370467532206&w=2 http://securitytracker.com/id?1017236 http://www.majorsecurity.de/index_2.php?major_rls=major_rls34 http://www.securityfocus.com/bid/21067 https://exchange.xforce.ibmcloud.com/vulnerabilities/30320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-5028 – PLESK 7.5/7.6 - 'FileManager.php' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-5028
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. Vulnerabilidad de atravesamiento de directorios en SWsoft Plesk 7.5 Reload y Plesk 7.6 para Microsoft Windows permite a un atacante remoto listar directorios de su elección a través de la secuencia ../ (punto punto barra) en el parámetro file en una acción chdir. • https://www.exploit-db.com/exploits/28647 http://secunia.com/advisories/22058 http://securityreason.com/securityalert/1643 http://www.securityfocus.com/archive/1/446730/100/0/threaded http://www.securityfocus.com/archive/1/470509/100/0/threaded http://www.securityfocus.com/bid/20155 https://exchange.xforce.ibmcloud.com/vulnerabilities/29134 •