Parallels Plesk Panel Security Vulnerabilities and Issues — Parallels Plesk Panel CVE List

Lucene search

ParallelsParallels Plesk Panel

3 matches found

CVE•added 2013/07/18 4:51 p.m.•189 views

CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1...

7.5CVSS9.7AI score0.94386EPSS

CVE•added 2013/04/18 6:55 p.m.•55 views

CVE-2013-0133

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable.

7.2CVSS6.6AI score0.00072EPSS

CVE•added 2013/04/18 6:55 p.m.•46 views

CVE-2013-0132

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.

6.8CVSS7.8AI score0.0047EPSS