3 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2

Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. Múltiples vulnerabilidades de inyección SQL en SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, y 8.2.0 para Windows permiten a atacantes remotos ejecutar comandos SQL de su elección mediante una cookie PLESKSESSID en (1) login.php3 ó (2) auth.php3. • https://www.exploit-db.com/exploits/30577 http://kb.swsoft.com/en/2159 http://marc.info/?l=bugtraq&m=118960991517910&w=2 http://secunia.com/advisories/26741 http://www.osvdb.org/37009 http://www.securityfocus.com/bid/25646 https://exchange.xforce.ibmcloud.com/vulnerabilities/36580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 3%CPEs: 3EXPL: 1

Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. Múltiples vulnerabilidades de escalado de directorio en el SWsoft Plesk para Windows 7.6.1, 8.1.0 y 8.1.1 permite a atacantes remotos leer ficheros de su elección mediante la inserción de .. (punto punto) en el parámetro locale_id del (1) login.php3 o (2) login_up.php3. • https://www.exploit-db.com/exploits/29898 http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761 http://kb.swsoft.com/en/1798 http://secunia.com/advisories/25036 http://www.osvdb.org/34081 http://www.osvdb.org/34082 http://www.securityfocus.com/bid/23639 http://www.vupen.com/english/advisories/2007/1588 •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SWsoft Plesk 8.0.1 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante parámetros no especificados en (1) get_password.php ó (2) login_up.php3. • https://www.exploit-db.com/exploits/29017 https://www.exploit-db.com/exploits/29018 http://marc.info/?l=bugtraq&m=116370467532206&w=2 http://securitytracker.com/id?1017236 http://www.majorsecurity.de/index_2.php?major_rls=major_rls34 http://www.securityfocus.com/bid/21067 https://exchange.xforce.ibmcloud.com/vulnerabilities/30320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •