|
302341
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive inf…
|
CWE-200
Information Exposure
|
CVE-2011-4731
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302342
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attacke…
|
CWE-255
Credentials Management
|
CVE-2011-4730
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302343
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers t…
|
NVD-CWE-Other
|
CVE-2011-4729
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302344
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture…
|
CWE-200
Information Exposure
|
CVE-2011-4728
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302345
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attacker…
|
CWE-20
Improper Input Validation
|
CVE-2011-4727
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302346
|
- |
|
parallels
|
parallels_plesk_panel
|
Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4726
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302347
|
- |
|
parallels
|
parallels_plesk_panel
|
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input…
|
CWE-89
SQL Injection
|
CVE-2011-4725
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302348
|
- |
|
artsoft
|
rocks\'n\'diamonds
|
Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4606
|
2024-11-21 10:32 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302349
|
- |
|
digium
|
asterisk
|
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of…
|
CWE-200
Information Exposure
|
CVE-2011-4598
|
2024-11-21 10:32 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302350
|
- |
|
digium
|
asterisk
|
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on…
|
CWE-200
Information Exposure
|
CVE-2011-4597
|
2024-11-21 10:32 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
