Page 2 of 10 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4732

https://notcve.org/view.php?id=CVE-2011-4732

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 omite el parámetro charset de cabeceras Content-Type para determinados recursos, lo que permite a atacantes remotos tener un impacto sin especificar utilizando un conflicto de interpretación en account/power-mode-logout y otros archivos determinados. NOTA: es posible que sólo clientes, no el producto Plesk, estén afectados. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72327 •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4730

https://notcve.org/view.php?id=CVE-2011-4730

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 genera un campo de formulario de contraseña sin deshabilitar el autocompletado, lo que facilita a atacantes remotos evitar la autenticación accediendo a un ordenador desatendido, tal como se ha demostrado por formularios en admin/reseller/login-info/ y otros archivos concretos. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72329 • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4731

https://notcve.org/view.php?id=CVE-2011-4731

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 incluye una dirección IP RFC 1918 dentro de una página web, lo que permite a atacantes remotos obtener información confidencial leyendo esta página, como se ha demostrado con admin/home/admin y otros archivos concretos. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4727

https://notcve.org/view.php?id=CVE-2011-4727

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no valida apropiadamente datos de cadena de texto utilizados para almacenamiento en un documento XML, lo que permite a atacantes remotos provocar una denegación de servicio (error de "parseo") o posiblemente tener otros impactos sin especificar a través de un parámetro URL REST modificado, tal como se ha demostrado con parámetros de admin/ y otros archivos determinados. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72332 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4728

https://notcve.org/view.php?id=CVE-2011-4728

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 no habilita la etiqueta "secure" para una cookie de sesión https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisión dentro de una sesión http, tal como se ha demostrado con cookies utilizadas por login_up.php3 y otros archivos concretos. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72331 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •