
CVE-2011-4736
https://notcve.org/view.php?id=CVE-2011-4736
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-310: Cryptographic Issues

CVE-2011-4762
https://notcve.org/view.php?id=CVE-2011-4762
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

CVE-2011-4728
https://notcve.org/view.php?id=CVE-2011-4728
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files. • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4734
https://notcve.org/view.php?id=CVE-2011-4734
16 Dec 2011 — Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-4742
https://notcve.org/view.php?id=CVE-2011-4742
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4759
https://notcve.org/view.php?id=CVE-2011-4759
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-4763
https://notcve.org/view.php?id=CVE-2011-4763
16 Dec 2011 — Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')