Lucene search
+L

618 matches found

NVD
NVD
added 2025/07/03 1:15 p.m.22 views

CVE-2025-49618

In Plesk Obsidian 18.0.69, unauthenticated requests to /loginup.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint...

5.8CVSS0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.18 views

PT-2025-27799 · Plesk · Plesk Obsidian

Name of the Vulnerable Software and Affected Versions: Plesk Obsidian version 18.0.69 Description: The issue allows unauthenticated requests to the "/login up.php" API endpoint to reveal sensitive AWS credentials, including accessKeyId, secretAccessKey, region, and endpoint. Recommendations: For...

5.8CVSS6.3AI score0.00349EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.6 views

Plesk Obsidian 安全漏洞

Plesk Obsidian is a hosting control panel from Plesk Switzerland. A security vulnerability exists in Plesk Obsidian version 18.0.69 that stems from an unauthenticated /loginup.php request that could disclose AWS credentials...

5.8CVSS6.8AI score0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/03 12:0 a.m.7 views

CVE-2025-49618

In Plesk Obsidian 18.0.69, unauthenticated requests to /loginup.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint...

5.8CVSS7.3AI score0.00349EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/03 12:0 a.m.35 views

CVE-2025-49618

In Plesk Obsidian 18.0.69, unauthenticated requests to /loginup.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint...

5.8CVSS0.00349EPSS
Exploits0References2
CVE
CVE
added 2025/07/03 12:0 a.m.51 views

CVE-2025-49618

CVE-2025-49618 affects Plesk Obsidian 18.0.69. Unauthenticated requests to /login_up.php can disclose AWS credentials (accessKeyId, secretAccessKey, region, endpoint). Documented CVSSv3.1 base score 5.8 (Medium) with network attack vector, low attack complexity, no privileges required, and scope ...

5.8CVSS7.3AI score0.00349EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.14 views

CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...

6.1CVSS7.1AI score0.02157EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.10 views

CVE-2022-45130

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names...

6.5CVSS6.9AI score0.00336EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.15 views

CVE-2021-35976

The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server...

6.1CVSS6.5AI score0.01148EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:49 a.m.8 views

CVE-2011-4768

The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving...

10CVSS7.1AI score0.02072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 a.m.9 views

CVE-2011-4850

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...

4.3CVSS6.5AI score0.01066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 a.m.13 views

CVE-2019-18793

Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter...

6.1CVSS6.1AI score0.00791EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 a.m.8 views

CVE-2011-4746

The billing system for Parallels Plesk Panel 10.3.1build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses...

5CVSS7AI score0.01034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:55 a.m.14 views

CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

9.8CVSS8.4AI score0.99998EPSS
Exploits42References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:32 a.m.13 views

CVE-2011-4731

The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files...

5CVSS6.6AI score0.01173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:6 a.m.9 views

CVE-2013-0132

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...

6.8CVSS7.9AI score0.0126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:39 a.m.11 views

CVE-2011-4777

Cross-site scripting XSS vulnerability in the Site Editor aka SiteBuilder feature in Parallels Plesk Panel 10.4.4build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html...

4.3CVSS5.9AI score0.00931EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:38 a.m.8 views

CVE-2011-4766

The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment...

5CVSS7.1AI score0.01173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/01 11:18 p.m.12 views

CVE-2025-24832

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...

5.5CVSS6.9AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/28 12:20 a.m.12 views

CVE-2024-34014

Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension for Plesk Linux...

5.5CVSS6.9AI score0.00196EPSS
Exploits0References1
Rows per page
Query Builder