CVE-2011-4762
https://notcve.org/view.php?id=CVE-2011-4762
Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72214
CVE-2011-4765
https://notcve.org/view.php?id=CVE-2011-4765
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72217
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4760
https://notcve.org/view.php?id=CVE-2011-4760
Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72212
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4854
https://notcve.org/view.php?id=CVE-2011-4854
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the get_enabled_product_icon program. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
• http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72093
CVE-2011-4847
https://notcve.org/view.php?id=CVE-2011-4847
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.
• http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72222
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')