CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2012-1557
https://notcve.org/view.php?id=CVE-2012-1557
12 Mar 2012 — SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. Vulnerabilidad de inyección SQL en admin/plib/api-rpc/Agent.php de Parallels Plesk Panel 7.x y 8.x anteriores a 8.6 MU#2, 9.x anteriores a 9.5 MU#11, 10.0.x anteriores... • http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4725
https://notcve.org/view.php?id=CVE-2011-4725
16 Dec 2011 — Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files. Múltiples vulnerabilidades de inyección SQL en el panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 permiten a usuarios remotos ejecutar comandos SQL de su elección a través de datos de entrada modif... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4732
https://notcve.org/view.php?id=CVE-2011-4732
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 om... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4754
https://notcve.org/view.php?id=CVE-2011-4754
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Parallels Plesk Small Business Panel 10.2.0. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de entrada modif... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4756
https://notcve.org/view.php?id=CVE-2011-4756
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files. Parallels Plesk Small Business Panel 10.2.0 no incluye el atributo HTTPOnly de una cabecera Set-Cookie para una cookie, lo que facilita a atacantes remotos obtener información confidenci... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4761
https://notcve.org/view.php?id=CVE-2011-4761
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. Parallels Plesk Small Business Panel 10.2.0 omite el parámetro charset de cabeceras Content-Type para determinados recurso... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4768
https://notcve.org/view.php?id=CVE-2011-4768
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 1... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4757
https://notcve.org/view.php?id=CVE-2011-4757
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files. Parallels Plesk Small Business Panel 10.2.0 genera un campo de formulario de contraseña sin deshabilitar el autocompletado, lo que facilita a atacantes remotos evitar la autenticación accediendo a un ordenador desatentidi... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4737
https://notcve.org/view.php?id=CVE-2011-4737
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una contraseña enviada ("submitted") dentro del cuerpo de una respuesta HTTP, lo que facilita a atacantes remotos obtener información con... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4739
https://notcve.org/view.php?id=CVE-2011-4739
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 genera un campo de formulario de contraseña sin deshabilitar la opción de autocompletado, lo que facilita a atacantes rem... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-255: Credentials Management Errors •