CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4744
https://notcve.org/view.php?id=CVE-2011-4744
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 envía cabeceras incorrectas Content-Typ... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4760
https://notcve.org/view.php?id=CVE-2011-4760
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. Parallels Plesk Small Business Panel 10.2.0 tiene determinadas páginas web que contienen direcciones de e-mail no intencionadas utilizadas para el desarrollo local de la aplicación, lo ... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4855
https://notcve.org/view.php?id=CVE-2011-4855
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/customer-service-plan/list/reset-search/true/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 omite el parám... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4730
https://notcve.org/view.php?id=CVE-2011-4730
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 genera un campo de formulario de contraseña sin deshabilitar el autocompl... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4740
https://notcve.org/view.php?id=CVE-2011-4740
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 genera páginas... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4753
https://notcve.org/view.php?id=CVE-2011-4753
16 Dec 2011 — Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. Multiples vulnerabilidades de inyección SQL en Parallels Plesk Small Business Panel 10.2.0 permiten a usuarios remotos ejecutar comandos SQL de su elección a través de entradas modificadas a un script PHP, tal como se ha demostrado por domains/sitebuilder_edit.... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4745
https://notcve.org/view.php?id=CVE-2011-4745
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en en el sistema de tarificación de Parallels Plesk Panel 10.3.1_build1013110726.09. Permiten a atacantes remotos inyectar codigo de script web... • http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4729
https://notcve.org/view.php?id=CVE-2011-4729
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para una coo... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4758
https://notcve.org/view.php?id=CVE-2011-4758
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files. Parallels Plesk Small Business Panel 10.2.0 recibe entradas con contraseñas en texto claro sobre HTTP, lo que permite a atacantes remotos obtener información confidencial leyendo el tráfico de red, como se ha demostrado con formularios en "smb/auth" y otros archivos determi... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4727
https://notcve.org/view.php?id=CVE-2011-4727
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no valida apropiadamente datos de ... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-20: Improper Input Validation •