
CVE-2011-4763
https://notcve.org/view.php?id=CVE-2011-4763
16 Dec 2011 — Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.
Spanish summary (translated): Multiple SQL injection vulnerabilities in the "Site Editor" (SiteBuilder) functionality of Parallels Plesk Small Business Panel 10.2.0 allow remote users to execute SQL commands of their choice via an input m...
• http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-4852
https://notcve.org/view.php?id=CVE-2011-4852
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
Spanish summary (translated): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages that contain...
• http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4746
https://notcve.org/view.php?id=CVE-2011-4746
16 Dec 2011 — The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses.
Spanish summary (translated): The billing system of Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to carry out spoofing attacks by exploiting weaknesses in the protocols.
• http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
• CWE-310: Cryptographic Issues

CVE-2008-6984
https://notcve.org/view.php?id=CVE-2008-6984
18 Aug 2009 — Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
Spanish summary (translated): Plesk v8.6.0, when short login names are enabled, allows remote attackers to bypass authentication and send spam e-mail via...
• http://www.osvdb.org/51652
• CWE-287: Improper Authentication

CVE-2008-6478 – Parallels Virtuozzo Containers 3.0.0-25.4/4.0.0-365.6 VZPP Interface File Manager - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2008-6478
16 Mar 2009 — Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
Spanish summary (translated): Cross-site request forgery vulnerability...
• https://www.exploit-db.com/exploits/31603
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2008-6479 – Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2008-6479
16 Mar 2009 — Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
Spanish summary (translated): Cross-site request forgery (CSRF) vulnerability in the "change password" functionality in the VZPP web interface for Parallels Virtuozzo v25.4.swsoft (available in v3.0.0 - v25.4.swsoft) allows remote attackers to modify the passw...
• https://www.exploit-db.com/exploits/31604
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2008-6465
https://notcve.org/view.php?id=CVE-2008-6465
13 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
Spanish summary (translated): Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary HTML or web script via the parameters (1) err, (2) errorc...
• http://osvdb.org/48232
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-4009 – Confixx Pro 3.3.1 - 'saveserver.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4009
26 Jul 2007 — PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
Spanish summary (translated): A PHP remote file inclusion vulnerability in the file admin/business_inc/saveserver.php in SWSoft Confixx Pro versions 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
• https://www.exploit-db.com/exploits/4219
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2007-2454
https://notcve.org/view.php?id=CVE-2007-2454
02 May 2007 — Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations.
Spanish summary (translated): Heap-based buffer overflow in the VGA driver in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute code of their choi...
• http://osvdb.org/40228

CVE-2007-2455
https://notcve.org/view.php?id=CVE-2007-2455
02 May 2007 — Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.
Spanish summary (translated): Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, such as...
• http://osvdb.org/41164