CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4729
https://notcve.org/view.php?id=CVE-2011-4729
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para una cookie, lo que facilita a atacantes remotos obtener información confidencial a través un script que acceda a esta cookie, tal como se ha demostrado con cookies utilizadas en login_up.php3 y otros archivos concretos. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72330 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4851
https://notcve.org/view.php?id=CVE-2011-4851
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 genera un campo de formulario de contraseña sin deshabilitar el autocompletado, lo que facilita a atacantes remotos eviar la autenticación accediendo a un ordenador desatendido. Tal como se ha demostrado por formularios en "server/google-tools/" y otros archivos determinados. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72226 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4848
https://notcve.org/view.php?id=CVE-2011-4848
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 incluye una contraseña suministrada ("submitted") dentro del cuerpo de la respuesta HTTP, lo que facilita a atacantes remotos obtener información confidencial interceptando el tráfico de red. Tal como se ha demostrado por el manejo de la contraseña en determinados archivos bajo client@1/domain@1/backup/local-repository/. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2011-4853
https://notcve.org/view.php?id=CVE-2011-4853
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 incluye una dirección IP RFC 1918 IP dentro de una página web, lo que permite a atacanes remotos obtener información confidencial leyendo esta página, tal como se ha demostrado por "smb/user/list-data/items-per-page/" y otros archivos determinados. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72094 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4738
https://notcve.org/view.php?id=CVE-2011-4738
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para una cookie, lo que facilita a atacantes remotos obtener información sensible a través de un script que acceda a esta cookie, como se ha demostrado con coodies utilizadas por get_password.php y otros archivos determinados. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72321 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •