CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4761
https://notcve.org/view.php?id=CVE-2011-4761
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. Parallels Plesk Small Business Panel 10.2.0 omite el parámetro charset de cabeceras Content-Type para determinados recurso... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4768
https://notcve.org/view.php?id=CVE-2011-4768
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 1... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4757
https://notcve.org/view.php?id=CVE-2011-4757
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files. Parallels Plesk Small Business Panel 10.2.0 genera un campo de formulario de contraseña sin deshabilitar el autocompletado, lo que facilita a atacantes remotos evitar la autenticación accediendo a un ordenador desatentidi... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4851
https://notcve.org/view.php?id=CVE-2011-4851
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 genera un campo de formulario de contraseña sin deshabilitar el autocompletado, lo que facilita a atacantes remotos e... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2011-4749
https://notcve.org/view.php?id=CVE-2011-4749
16 Dec 2011 — The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default. El sistema de tarificación de Parallels Plesk Panel 10.3.1_build1013110726.09 genera un campo de formulario de contraseña sin deshabilitar la opción de autocompletado, lo que facilita... • http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4854
https://notcve.org/view.php?id=CVE-2011-4854
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the get_enabled_product_icon program. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 no se asegura ... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4856
https://notcve.org/view.php?id=CVE-2011-4856
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 envía cabeceras incorrectas Content-Type para determina... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4737
https://notcve.org/view.php?id=CVE-2011-4737
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una contraseña enviada ("submitted") dentro del cuerpo de una respuesta HTTP, lo que facilita a atacantes remotos obtener información con... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4739
https://notcve.org/view.php?id=CVE-2011-4739
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 genera un campo de formulario de contraseña sin deshabilitar la opción de autocompletado, lo que facilita a atacantes rem... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4741
https://notcve.org/view.php?id=CVE-2011-4741
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una cadena de conexión a base de datos dentro de una página web, lo que permite a atacantes remotos obtener información confidencial leyendo esta página, ta... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •