|
294771
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network,…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4736
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294772
|
- |
|
parallels
|
parallels_plesk_panel
|
Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted in…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4735
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294773
|
- |
|
parallels
|
parallels_plesk_panel
|
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP scrip…
|
CWE-89
SQL Injection
|
CVE-2011-4734
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294774
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecifie…
|
NVD-CWE-Other
|
CVE-2011-4733
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294775
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have …
|
NVD-CWE-Other
|
CVE-2011-4732
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294776
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive inf…
|
CWE-200
Information Exposure
|
CVE-2011-4731
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294777
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attacke…
|
CWE-255
Credentials Management
|
CVE-2011-4730
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294778
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers t…
|
NVD-CWE-Other
|
CVE-2011-4729
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294779
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture…
|
CWE-200
Information Exposure
|
CVE-2011-4728
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294780
|
- |
|
parallels
|
parallels_plesk_panel
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attacker…
|
CWE-20
Improper Input Validation
|
CVE-2011-4727
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
