Anti-Phishing Research, Tombstones

Sunday, December 11, 2011

CVE-2011-4725, Plesk Parallels Panel Version psa v10.2.0_build1011110331.18 os_RedHat el6, CVE-2011-4726, CVE-2011-4727, CVE-2011-4728, CVE-2011-4729, CVE-2011-4730, CVE-2011-4731, CVE-2011-4732, CVE-2011-4733

CVE Assignments for Plesk Parallels Panel Version psa v10.2.0_build1011110331.18 os_RedHat el6

CVE-2011-4725, CVE-2011-4726, CVE-2011-4727, CVE-2011-4728, CVE-2011-4729, CVE-2011-4730, CVE-2011-4731, CVE-2011-4732, CVE-2011-4733

CVE Report for Plesk Parallels Panel Version psa v10.2.0_build1011110331.18 os_RedHat el6 at Sat Sep 24 17:03:36 CDT 2011.

XSS.CX Summary

Parallels Plesk Control Panel Version 20110407.20 for Windows and the RHEL6 Linux version are vulnerable to XSS and other injection vulnerabilities, reachable from a least-privileged user account logged into the Control Panel.

Interim Report via Acunetix 7,
Interim Report via Paros Desktop,
RHEL6 Target Analysis for CPanel
Report for Windows Server

Credits: FuzzDB, Portswigger, Ferruh Mavituna, David Hoyt

Findings and assigned CVE identifiers:

SQL injection: CVE-2011-4725
Cross-site scripting (reflected): CVE-2011-4726
XML injection: CVE-2011-4727
SSL cookie without secure flag set: CVE-2011-4728
Cookie without HttpOnly flag set: CVE-2011-4729
Password field with autocomplete enabled: CVE-2011-4730
Private IP addresses disclosed: CVE-2011-4731
HTML does not specify charset: CVE-2011-4732
Content type incorrectly stated: CVE-2011-4733
