XSS.CX Blog: CVE-2011-4734, Plesk Control Panel for Windows Version 10.2.x Build 20110407.20,CVE-2011-4735, CVE-2011-4736, CVE-2011-4737, CVE-2011-4738, CVE-2011-4739, CVE-2011-4740, CVE-2011-4741, CVE-2011-4742, CVE-2011-4743, CVE-2011-4744

Sunday, December 11, 2011

CVE Assignments for Plesk Control Panel for Windows Version 10.2.x Build 20110407.20
http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html

SQL injection
CVE-2011-4734

Cross-site scripting (reflected)
CVE-2011-4735

Cleartext submission of password
CVE-2011-4736

Password returned in later response
CVE-2011-4737

Cookie without HttpOnly flag set
CVE-2011-4738

Password field with autocomplete enabled
CVE-2011-4739

Cross-domain POST
not a vulnerability for CVE

Cross-domain Referer leakage
CVE-2011-4740

Database connection string disclosed
CVE-2011-4741

Email addresses disclosed
CVE-2011-4742

HTML does not specify charset
CVE-2011-4743

Content type incorrectly stated
CVE-2011-4744

XSS.CX Blog

Anti-Phishing Research, Tombstones

Sunday, December 11, 2011

CVE-2011-4734, Plesk Control Panel for Windows Version 10.2.x Build 20110407.20,CVE-2011-4735, CVE-2011-4736, CVE-2011-4737, CVE-2011-4738, CVE-2011-4739, CVE-2011-4740, CVE-2011-4741, CVE-2011-4742, CVE-2011-4743, CVE-2011-4744

No comments:

Post a Comment