CVE-2007-4892 – SWSoft Plesk 8.2 - 'login.php3' PLESKSESSID Cookie SQL Injection
https://notcve.org/view.php?id=CVE-2007-4892
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. Múltiples vulnerabilidades de inyección SQL en SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, y 8.2.0 para Windows permiten a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie PLESKSESSID en (1) login.php3 ó (2) auth.php3. • https://www.exploit-db.com/exploits/30577 http://kb.swsoft.com/en/2159 http://marc.info/?l=bugtraq&m=118960991517910&w=2 http://secunia.com/advisories/26741 http://www.osvdb.org/37009 http://www.securityfocus.com/bid/25646 https://exchange.xforce.ibmcloud.com/vulnerabilities/36580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-2268 – plesk 8.1.1 - 'login.php3' Directory Traversal
https://notcve.org/view.php?id=CVE-2007-2268
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. Múltiples vulnerabilidades de escalado de directorio en el SWsoft Plesk para Windows 7.6.1, 8.1.0 y 8.1.1 permite a atacantes remotos leer ficheros de su elección mediante la inserción de .. (punto punto) en el parámetro locale_id del (1) login.php3 o (2) login_up.php3. • https://www.exploit-db.com/exploits/29898 http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761 http://kb.swsoft.com/en/1798 http://secunia.com/advisories/25036 http://www.osvdb.org/34081 http://www.osvdb.org/34082 http://www.securityfocus.com/bid/23639 http://www.vupen.com/english/advisories/2007/1588 •
CVE-2006-6451 – Plesk 7.5/8.0 - 'get_password.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6451
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SWsoft Plesk 8.0.1 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante parámetros no especificados en (1) get_password.php ó (2) login_up.php3. • https://www.exploit-db.com/exploits/29017 https://www.exploit-db.com/exploits/29018 http://marc.info/?l=bugtraq&m=116370467532206&w=2 http://securitytracker.com/id?1017236 http://www.majorsecurity.de/index_2.php?major_rls=major_rls34 http://www.securityfocus.com/bid/21067 https://exchange.xforce.ibmcloud.com/vulnerabilities/30320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •