
CVE-2011-4738
https://notcve.org/view.php?id=CVE-2011-4738
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4744
https://notcve.org/view.php?id=CVE-2011-4744
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html

CVE-2011-4760
https://notcve.org/view.php?id=CVE-2011-4760
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4730
https://notcve.org/view.php?id=CVE-2011-4730
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-255: Credentials Management Errors

CVE-2011-4740
https://notcve.org/view.php?id=CVE-2011-4740
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4753
https://notcve.org/view.php?id=CVE-2011-4753
16 Dec 2011 — Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-4729
https://notcve.org/view.php?id=CVE-2011-4729
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html

CVE-2011-4758
https://notcve.org/view.php?id=CVE-2011-4758
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-310: Cryptographic Issues

CVE-2011-4727
https://notcve.org/view.php?id=CVE-2011-4727
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-20: Improper Input Validation

CVE-2011-4765
https://notcve.org/view.php?id=CVE-2011-4765
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor