618 matches found
CVE-2006-5028
CVE-2006-5028 : A directory traversal flaw exists in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Windows, in filemanager/filemanager.php, where a crafted file parameter using ../ in a chdir action lets remote attackers list arbitrary directories. This is documented in the NVD entries, with the impa...
CVE-2006-5028
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ dot dot slash in the file parameter in a chdir action...
[PLESK 7.5 Reload] & [PLESK 7.6 for MS Windows] path passing and disclosure vulnerability
/-------------------------------------- PLESK 7.5 Reload and lower & PLESK 7.6 for M$ Windows path passing and disclosure Discovered By: GuanYu Email: [email protected] Website: HVA http://www.vnhacker.org --------------------------------------/ -| Description: |- PLESK is a powerful web control...
PLESK 7.57.6 - FileManager.php Directory Traversal
PLESK 7.57.6 - FileManager.php Directory Traversal source: https://www.securityfocus.com/bid/20155/info PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the...
PLESK 7.5/7.6 - 'FileManager.php' Directory Traversal
source: https://www.securityfocus.com/bid/20155/info PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected...
Plesk Control Panel <= 8.0.0 XSS vulnerability
Product: Plesk control panel Version: = 8.0.0 Vendor: SWSoft Inc. URL: http://www.swsoft.com/en/products/plesk/ VULNERABILITY CLASS: XSS Product Description Plesk is comprehensive server management software developed specifically for the Hosting Service Industry with the assistance of Web hosting...
plesk800.txt
Product: Plesk control panel Version: alert; Credits INVENT...
CVE-2006-3737
CVE-2006-3737 describes a cross-site scripting (XSS) vulnerability in the filemanager/filemanager.php component of the SWsoft Plesk control panel (version 8.0 and earlier). The issue arises when an authenticated user supplies a crafted file parameter, allowing injection of arbitrary web script or...
CVE-2004-2702
Cross-site scripting XSS vulnerability in loginup.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the loginname parameter. NOTE: this might be the same vector as CVE-2006-6451...
[SA12368] Plesk "login_name" Cross-Site Scripting Vulnerability
TITLE: Plesk "loginname" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12368 VERIFY ADVISORY: http://secunia.com/advisories/12368/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Plesk 7.x http://secunia.com/product/3833/ DESCRIPTION: Sourvivor has...
Plesk Reloaded login_up.php3 login_name Parameter XSS
The remote host is running Plesk Reloaded from SWsoft, a web-based system administration tool. The remote version of this software is vulnerable to a cross-site scripting attack because of its failure to sanitize user input to the 'loginname' parameter of the 'loginup.php3' script. This issue can...
SWsoft Plesk Reloaded 7.1 - Login_name Cross-Site Scripting
SWsoft Plesk Reloaded 7.1 - Loginname Cross-Site Scripting source: https://www.securityfocus.com/bid/11024/info It is reported that Plesk Reloaded may be affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI inpu...
SWsoft Plesk Reloaded 7.1 - 'Login_name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11024/info It is reported that Plesk Reloaded may be affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a...
CVE-2001-1222
Plesk Server Administrator PSA 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain...
CVE-2001-1222
Plesk Server Administrator (PSA) 1.0 is affected by CVE-2001-1222: remote attackers can obtain PHP source code by issuing an HTTP request that includes the target IP address and a valid domain account name. The vulnerability is documented in NVD with a medium impact score (CVSSv2: AV:N/AC:L/Au:N/...
CVE-2001-1222
Plesk Server Administrator PSA 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain...
twlc-adv-plesk211201.txt
twlc security divison 21/12/2001 plesk psa allows reading of .php files Found by: supergate ./twlc Summary: Plesk is a server admnistrator used by LOTS of web hosting companies to make easy the menagement of the server. Its a really cool software!! i work with it. This bug allows you to read the...
twlc advisory: plesk (psa) allows reading of .php files
twlc security divison 21/12/2001 plesk psa allows reading of .php files Found by: supergate ./twlc Summary: Plesk is a server admnistrator used by LOTS of web hosting companies to make easy the menagement of the server. Its a really cool software!! i work with it. This bug allows you to read the...