57 matches found
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
Cross site request forgery (csrf)
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
CVE-2017-18604
The CVE-2017-18604 entry concerns the WordPress plugin sitebuilder-dynamic-components (up to version 1.0). Multiple sources confirm a PHP object injection vulnerability reachable via AJAX requests, enabling an unauthenticated/vector-based impact with HIGH integrity risk (CVSS v3.1: 7.5). Affected...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
Parallels Plesk Sitebuilder Remote Detection
Detection of installed version of Parallels Plesk Sitebuilder. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
Parallels Plesk Sitebuilder Multiple Vulnerabilities
Parallels Plesk Sitebuilder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection
The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
No description provided by source. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : email protected Risk : High Class: Remote Google Dork:...
Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites ext:aspx inurl::2006 inurl:.ashx?media...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dor...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites ext:aspx inurl::2006 inurl:.ashx?media...
Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites ext:aspx inurl::2006 inurl:.ashx?media...
Sitebuilder 1.4 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-suppli...
SiteBuilder-FX Top.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18756/info SiteBuilder-FX is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...
Code injection
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
CVE-2011-4766
The CVE-2011-4766 entry concerns Parallels Plesk Small Business Panel 10.2.0, specifically the Site Editor/SiteBuilder and the file wysiwyg/fckconfig.js. The claim is that remote attackers could obtain ASP source code via direct access to that file; however, multiple sources note this is disputed...
CVE-2011-4767
The CVE-2011-4767 issue affects Parallels Plesk Small Business Panel 10.2.0, specifically the Site Editor (SiteBuilder) feature. It describes web pages containing e-mail addresses not intended for deployment-related correspondence, enabling remote attackers to obtain potentially sensitive informa...
Ez sitebuilder <= Admin Auth Bypass Vulnerability
Exploit for php platform in category web applications ===================================================================== . . . . | | ||/ | || | / / \ / /\ | | / | \ \ | |/ | \ / | || | // | / // | \ /\ | /|//|||| |\ | / /|| / Exploit-ID is the Exploit Information Disclosure Web :...
Parallels Plesk Sitebuilder Persistent Xss Vulnerability
Exploit for php platform in category web applications ======================================================== Parallels Plesk Sitebuilder Persistent Xss Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0...