plesk plesk vulnerabilities and exploits
755
VMScore
CVE-2007-4892
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote malicious users to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.
Swsoft Plesk 8.1.1
Swsoft Plesk 8.2
Swsoft Plesk 7.6.1
Swsoft Plesk 8.1
1 EDB exploit
668
VMScore
CVE-2012-1557
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x prior to 8.6 MU#2, 9.x prior to 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote malicious users to execute arbitrary SQL...
Parallels Parallels Plesk Panel 7.0
Parallels Parallels Plesk Panel 8.6
Parallels Parallels Plesk Panel 7.6.1
Parallels Parallels Plesk Panel 8.0
Parallels Parallels Plesk Panel 8.3
Parallels Parallels Plesk Panel 8.4
Parallels Parallels Plesk Panel 8.1
Parallels Parallels Plesk Panel 8.2
Parallels Parallels Plesk Panel 9.0
Parallels Parallels Plesk Panel 9.2
Parallels Parallels Plesk Panel 9.5.4
Parallels Parallels Plesk Panel 9.3
Parallels Parallels Plesk Panel 9.5
Parallels Parallels Plesk Panel 10.0.1
Parallels Parallels Plesk Panel 10.1.1
Parallels Parallels Plesk Panel 10.2.0
Parallels Parallels Plesk Panel 10.3.1
NA
CVE-2023-0829
Plesk versions 17.0 up to and including 18.0.31 are vulnerable to Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user) can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscript...
Plesk Plesk
505
VMScore
CVE-2007-2268
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote malicious users to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
Swsoft Plesk 7.6.1
Swsoft Plesk 8.1.0
Swsoft Plesk 8.1.1
1 EDB exploit
NA
CVE-2023-4931
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon....
Plesk Plesk 3.27.0.0
383
VMScore
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a malicious user to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.
Plesk Plesk 18.0.37
1 Github repository
578
VMScore
CVE-2021-45008
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.
Plesk Plesk 18.0.37
1 Github repository
445
VMScore
CVE-2001-1222
Plesk Server Administrator (PSA) 1.0 allows remote malicious users to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.
Plesk Plesk Server Administrator 1.0
690
VMScore
CVE-2006-6451
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
Swsoft Plesk 7.5
Swsoft Plesk
2 EDB exploits
435
VMScore
CVE-2004-2702
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote malicious users to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
Swsoft Plesk 7.0
Swsoft Plesk 7.1
1 EDB exploit