CVSS: 9.8EPSS: 36%CPEs: 4EXPL: 1CVE-2013-4878 – Plesk < 9.5.4 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2013-4878
18 Jul 2013 — The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. La configuración por defecto de Parallels Plesk Panel v9.0.x y v9.2.x en UNIX, y Small Business Panel v10.x en UNIX, tiene una directiva ScriptAlias incorrecta para phppath, lo que hace más facil para atacant... • https://www.exploit-db.com/exploits/25986 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4754
https://notcve.org/view.php?id=CVE-2011-4754
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Parallels Plesk Small Business Panel 10.2.0. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de entrada modif... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4756
https://notcve.org/view.php?id=CVE-2011-4756
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files. Parallels Plesk Small Business Panel 10.2.0 no incluye el atributo HTTPOnly de una cabecera Set-Cookie para una cookie, lo que facilita a atacantes remotos obtener información confidenci... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4761
https://notcve.org/view.php?id=CVE-2011-4761
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. Parallels Plesk Small Business Panel 10.2.0 omite el parámetro charset de cabeceras Content-Type para determinados recurso... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4768
https://notcve.org/view.php?id=CVE-2011-4768
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 1... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4757
https://notcve.org/view.php?id=CVE-2011-4757
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files. Parallels Plesk Small Business Panel 10.2.0 genera un campo de formulario de contraseña sin deshabilitar el autocompletado, lo que facilita a atacantes remotos evitar la autenticación accediendo a un ordenador desatentidi... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4767
https://notcve.org/view.php?id=CVE-2011-4767
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0 tiene páginas web que contienen direcciones de e-m... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4755
https://notcve.org/view.php?id=CVE-2011-4755
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files. Parallels Plesk Small Business Panel 10.2.0 no valida apropiadamente datos de cadena de texto que son utilizados para almacenamiento en un documen... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4766
https://notcve.org/view.php?id=CVE-2011-4766
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment ** CONTROVERTIDA ** La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0 permite a atacantes remotos obtener el código fuente ASP a través de peticiones directas a wysiwyg/fckconfig.js. NOTA: CVE discute este... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4764
https://notcve.org/view.php?id=CVE-2011-4764
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0. Permite a atacantes remotos... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •