Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plesk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6984
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote malicious users to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as ...
Parallels Plesk 8.6.0
NA
CVE-2008-3579
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote malicious users to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leverage...
Calacode Atmail 5.41
NA
CVE-2007-4892
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote malicious users to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.
Swsoft Plesk 8.1.1
Swsoft Plesk 8.2
Swsoft Plesk 7.6.1
Swsoft Plesk 8.1
1 EDB exploit
NA
CVE-2007-2268
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote malicious users to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
Swsoft Plesk 7.6.1
Swsoft Plesk 8.1.0
Swsoft Plesk 8.1.1
1 EDB exploit
NA
CVE-2007-2269
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the locale_id parameter.
Swsoft Plesk 8.1.0
Swsoft Plesk 8.1.1
NA
CVE-2006-6451
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
Swsoft Plesk 7.5
Swsoft Plesk
2 EDB exploits
NA
CVE-2006-5028
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote malicious users to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
Swsoft Plesk Reload 7.5
Swsoft Plesk 7.6
1 EDB exploit
NA
CVE-2006-3737
Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the file parameter.
Swsoft Plesk Control Panel
NA
CVE-2004-2702
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote malicious users to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
Swsoft Plesk 7.0
Swsoft Plesk 7.1
1 EDB exploit
NA
CVE-2001-1222
Plesk Server Administrator (PSA) 1.0 allows remote malicious users to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.
Plesk Plesk Server Administrator 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8