NotCVE - vendor:"Parallels" product:"Parallels Plesk Panel" version:"10.2.0

Page 2 of 12 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4741

https://notcve.org/view.php?id=CVE-2011-4741

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una cadena de conexión a base de datos dentro de una página web, lo que permite a atacantes remotos obtener información confidencial leyendo esta página, tal como se ha demostrado con client@2/domain@1/hosting/aspdotnet/. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72318 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4737

https://notcve.org/view.php?id=CVE-2011-4737

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una contraseña enviada ("submitted") dentro del cuerpo de una respuesta HTTP, lo que facilita a atacantes remotos obtener información confidencial interceptando el tráfico de red, tal como se ha demostrado por el manejo de las contraseñas en client@2/domain@1/odbc/dsn@1/properties/. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4734

https://notcve.org/view.php?id=CVE-2011-4734

Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files. Multiples vulnerabilidades de inyección SQL en el panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 permiten a usuarios remotos ejecutar comandos SQL de su elección a través de datos de entrada modificados de scripts PHP, tal como se ha demostrado en file-manager/ y otros archivos determinados. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72325 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4739

https://notcve.org/view.php?id=CVE-2011-4739

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 genera un campo de formulario de contraseña sin deshabilitar la opción de autocompletado, lo que facilita a atacantes remotos evitar la autenticación accediendo a un ordenador desatendido, tal como se ha demostrado en formularios bajo smb/my-profile y otros archivos determinados. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72320 • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4740

https://notcve.org/view.php?id=CVE-2011-4740

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 genera páginas web que contienen enlaces externos en respuesta a peticiones GET con cadenas de búsqueda de smb/app/search-data/catalogId/marketplace y otros archivos determinados, lo que facilita a atacantes remotos obtener información confidencial leyendo (1) logs de acceso o (2) de Referer del servidor web. Relacionado con una filtración de Referer entre dominios. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2 3