|
303331
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and cert…
|
CWE-200
Information Exposure
|
CVE-2011-4852
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303332
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass aut…
|
CWE-255
Credentials Management
|
CVE-2011-4851
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303333
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potenti…
|
CWE-200
Information Exposure
|
CVE-2011-4850
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303334
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by …
|
CWE-200
Information Exposure
|
CVE-2011-4849
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303335
|
- |
|
parallels
|
parallels_plesk_panel
|
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffin…
|
CWE-200
Information Exposure
|
CVE-2011-4848
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303336
|
- |
|
parallels
|
parallels_plesk_panel
|
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notificati…
|
CWE-89
SQL Injection
|
CVE-2011-4847
|
2024-11-21 10:33 |
2011-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303337
|
- |
|
homeseer
|
homeseer_hs2
|
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitra…
|
CWE-352
Origin Validation Error
|
CVE-2011-4837
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303338
|
- |
|
homeseer
|
homeseer_hs2
|
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4836
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303339
|
- |
|
homeseer
|
homeseer_hs2
|
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2011-4835
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303340
|
- |
|
hp
|
application_lifestyle_management
|
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4834
|
2024-11-21 10:33 |
2011-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
