| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-4855 | 9.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict invo
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4851 | 9.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4848 | 4.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4856 | 9.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/h
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4852 | 4.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote a
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4847 | 7.5 |
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4776 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4854 | 9.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by lev
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4849 | 4.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sessio
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4853 | 4.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-dat
|
29-08-2017 - 01:30 | 16-12-2011 - 11:55 | |
| CVE-2011-4777 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html.
|
13-05-2012 - 04:00 | 16-12-2011 - 11:55 | |
| CVE-2011-4850 | 4.3 |
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to thi
|
16-12-2011 - 11:55 | 16-12-2011 - 11:55 |