CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2011-4766 200 +Info 2011-12-16 2011-12-16
5.0
None Remote Low Not required Partial None None
** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment.
102 CVE-2011-4765 200 +Info 2011-12-16 2017-08-29
4.3
None Remote Medium Not required Partial None None
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.
103 CVE-2011-4764 79 XSS 2011-12-16 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files.
104 CVE-2011-4763 89 Exec Code Sql 2011-12-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.
105 CVE-2011-4762 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
106 CVE-2011-4761 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
107 CVE-2011-4760 200 +Info 2011-12-16 2017-08-29
5.0
None Remote Low Not required Partial None None
Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.
108 CVE-2011-4759 200 +Info 2011-12-16 2017-08-29
5.0
None Remote Low Not required Partial None None
Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
109 CVE-2011-4758 310 +Info 2011-12-16 2017-08-29
5.0
None Remote Low Not required Partial None None
Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files.
110 CVE-2011-4757 255 Bypass 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files.
111 CVE-2011-4756 200 +Info 2011-12-16 2017-08-29
5.0
None Remote Low Not required Partial None None
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files.
112 CVE-2011-4755 20 DoS 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files.
113 CVE-2011-4754 79 XSS 2011-12-16 2017-08-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files.
114 CVE-2011-4753 89 Exec Code Sql 2011-12-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.
115 CVE-2011-4752 2011-12-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
116 CVE-2011-4751 200 +Info 2011-12-16 2017-08-29
5.0
None Remote Low Not required Partial None None
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
117 CVE-2011-4750 79 XSS 2011-12-16 2011-12-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.
118 CVE-2011-4749 255 Bypass 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.
119 CVE-2011-4748 200 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files.
120 CVE-2011-4747 310 2011-12-16 2019-04-22
5.0
None Remote Low Not required None Partial None
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list.
121 CVE-2011-4746 310 2011-12-16 2019-04-22
5.0
None Remote Low Not required None Partial None
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses.
122 CVE-2011-4745 79 XSS 2011-12-16 2019-04-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files.
123 CVE-2011-4744 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/featured-applications/ and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
124 CVE-2011-4743 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
125 CVE-2011-4742 200 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files.
126 CVE-2011-4741 200 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.
127 CVE-2011-4740 200 +Info 2011-12-16 2019-04-22
4.3
None Remote Medium Not required Partial None None
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
128 CVE-2011-4739 255 Bypass 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files.
129 CVE-2011-4738 200 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files.
130 CVE-2011-4737 200 Bypass +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/.
131 CVE-2011-4736 310 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files.
132 CVE-2011-4735 79 XSS 2011-12-16 2019-04-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files.
133 CVE-2011-4734 89 Exec Code Sql 2011-12-16 2019-04-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.
134 CVE-2011-4733 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
135 CVE-2011-4732 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
136 CVE-2011-4731 200 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files.
137 CVE-2011-4730 255 Bypass 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files.
138 CVE-2011-4729 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files.
139 CVE-2011-4728 200 +Info 2011-12-16 2019-04-22
5.0
None Remote Low Not required Partial None None
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.
140 CVE-2011-4727 20 DoS 2011-12-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.
141 CVE-2011-4726 79 XSS 2011-12-16 2019-04-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files.
142 CVE-2011-4725 89 Exec Code Sql 2011-12-16 2019-04-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.
143 CVE-2011-4723 310 +Info 2011-12-20 2011-12-20
6.8
None Remote Low ??? Complete None None
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
144 CVE-2011-4719 2011-12-09 2012-04-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
145 CVE-2011-4717 22 Dir. Trav. 2011-12-20 2011-12-20
5.5
None Remote Low ??? None Partial Partial
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.
146 CVE-2011-4716 22 1 Dir. Trav. 2011-12-08 2013-08-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
147 CVE-2011-4715 22 1 Dir. Trav. 2011-12-08 2017-08-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
148 CVE-2011-4714 22 1 Dir. Trav. 2011-12-08 2017-08-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
149 CVE-2011-4713 22 1 Dir. Trav. 2011-12-08 2011-12-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
150 CVE-2011-4712 22 Dir. Trav. 2011-12-08 2018-10-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
Total number of vulnerabilities : 341   Page : 1 2 3 (This Page)4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.