|
294471
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by read…
|
CWE-200
Information Exposure
|
CVE-2011-4853
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294472
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and cert…
|
CWE-200
Information Exposure
|
CVE-2011-4852
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294473
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass aut…
|
CWE-255
Credentials Management
|
CVE-2011-4851
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294474
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potenti…
|
CWE-200
Information Exposure
|
CVE-2011-4850
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294475
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by …
|
CWE-200
Information Exposure
|
CVE-2011-4849
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294476
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffin…
|
CWE-200
Information Exposure
|
CVE-2011-4848
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294477
|
- |
|
parallels
|
parallels_plesk_panel
|
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notificati…
|
CWE-89
SQL Injection
|
CVE-2011-4847
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294478
|
- |
|
homeseer
|
homeseer_hs2
|
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitra…
|
CWE-352
Origin Validation Error
|
CVE-2011-4837
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294479
|
- |
|
homeseer
|
homeseer_hs2
|
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4836
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294480
|
- |
|
homeseer
|
homeseer_hs2
|
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2011-4835
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
