6 matches found
CVE-2004-2702
CVE-2004-2702 is a cross-site scripting (XSS) vulnerability in SWsoft Plesk Reloaded's login_up.php3, exploitable via the login_name parameter. Affected are Plesk 7.0 and 7.1 Reloaded; root cause: failure to sanitize input to login_name. Impact: remote attacker can inject arbitrary script visible...
CVE-2007-2268
CVE-2007-2268 : Multiple directory traversal vulnerabilities affect SWsoft Plesk for Windows (versions 7.6.1, 8.1.0, 8.1.1). The issue arises from unsafely handling the locale_id parameter in login.php3, login_up.php3 (and top.php3 per NASL) which allows an unauthenticated attacker to read arbitr...
CVE-2007-4892
CVE-2007-4892 describes multiple SQL injection vulnerabilities in SWSoft Plesk versions 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows. The underlying issue is SQL injection via the PLESKSESSID cookie, exploitable through (1) login.php3 and (2) auth.php3, allowing remote attackers to execute arbitrar...
CVE-2006-6451
SWsoft Plesk 8.0.1 and earlier are affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to get_password.php or login_up.php3. The issue is documented across CVE-2006-6451, with CVSSv2 base metrics indicating a mediu...
CVE-2007-2269
CVE-2007-2269 affects SWsoft Plesk for Windows versions 8.1 and 8.1.1. It is a directory traversal vulnerability in top.php3 that allows remote attackers to read arbitrary files by supplying .. in the locale_id parameter. Exploitation details, affected versions beyond the listed ones, and remedia...
CVE-2006-5028
CVE-2006-5028 : A directory traversal flaw exists in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Windows, in filemanager/filemanager.php, where a crafted file parameter using ../ in a chdir action lets remote attackers list arbitrary directories. This is documented in the NVD entries, with the impa...