Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plesk vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-4892
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote malicious users to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.
Swsoft Plesk 8.1.1
Swsoft Plesk 8.2
Swsoft Plesk 7.6.1
Swsoft Plesk 8.1
1 EDB exploit
7.5
CVSSv2
CVE-2012-1557
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x prior to 8.6 MU#2, 9.x prior to 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote malicious users to execute arbitrary SQL...
Parallels Parallels Plesk Panel 7.0
Parallels Parallels Plesk Panel 8.6
Parallels Parallels Plesk Panel 7.6.1
Parallels Parallels Plesk Panel 8.0
Parallels Parallels Plesk Panel 8.3
Parallels Parallels Plesk Panel 8.4
Parallels Parallels Plesk Panel 8.1
Parallels Parallels Plesk Panel 8.2
Parallels Parallels Plesk Panel 9.0
Parallels Parallels Plesk Panel 9.2
Parallels Parallels Plesk Panel 9.5.4
Parallels Parallels Plesk Panel 9.3
Parallels Parallels Plesk Panel 9.5
Parallels Parallels Plesk Panel 10.0.1
Parallels Parallels Plesk Panel 10.1.1
Parallels Parallels Plesk Panel 10.2.0
Parallels Parallels Plesk Panel 10.3.1
NA
CVE-2023-0829
Plesk 17.0 up to and including 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscript...
Plesk Plesk
5
CVSSv2
CVE-2007-2268
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote malicious users to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
Swsoft Plesk 7.6.1
Swsoft Plesk 8.1.0
Swsoft Plesk 8.1.1
1 EDB exploit
6.5
CVSSv2
CVE-2021-45008
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users
Plesk Plesk 18.0.37
1 Github repository
4.3
CVSSv2
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an malicious user to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users
Plesk Plesk 18.0.37
1 Github repository
NA
CVE-2023-4931
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon....
Plesk Plesk 3.27.0.0
6.8
CVSSv2
CVE-2006-6451
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
Swsoft Plesk 7.5
Swsoft Plesk
2 EDB exploits
5
CVSSv2
CVE-2001-1222
Plesk Server Administrator (PSA) 1.0 allows remote malicious users to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.
Plesk Plesk Server Administrator 1.0
4.3
CVSSv2
CVE-2004-2702
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote malicious users to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
Swsoft Plesk 7.0
Swsoft Plesk 7.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2108
CVE-2024-31061
CVE-2024-25959
CVE-2023-45866
injection
IDOR
memory leak
CVE-2024-1086
CVE-2023-42931
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »