
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Dec 2011 — Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-310: Cryptographic Issues

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Dec 2011 — Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')