|
294741
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE dis…
|
CWE-200
Information Exposure
|
CVE-2011-4766
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294742
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attac…
|
CWE-200
Information Exposure
|
CVE-2011-4765
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294743
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4764
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294744
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted…
|
CWE-89
SQL Injection
|
CVE-2011-4763
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294745
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretatio…
|
NVD-CWE-Other
|
CVE-2011-4762
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294746
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an …
|
NVD-CWE-Other
|
CVE-2011-4761
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294747
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to…
|
CWE-200
Information Exposure
|
CVE-2011-4760
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294748
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other …
|
CWE-200
Information Exposure
|
CVE-2011-4759
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294749
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by form…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4758
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294750
|
- |
|
parallels
|
parallels_plesk_small_business_panel
|
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveragi…
|
CWE-255
Credentials Management
|
CVE-2011-4757
|
2024-11-21 10:32 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
