CVE-2011-4744
https://notcve.org/view.php?id=CVE-2011-4744
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
• http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72315
CVE-2011-4856
https://notcve.org/view.php?id=CVE-2011-4856
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
• http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72091
CVE-2011-4726
https://notcve.org/view.php?id=CVE-2011-4726
Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72333
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4725
https://notcve.org/view.php?id=CVE-2011-4725
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72334
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4733
https://notcve.org/view.php?id=CVE-2011-4733
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
• http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72326