| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/. |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files. |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/. |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files. |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. |
| SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. |
| Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files. |
| Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. |
| Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files. |
| The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files. |
| The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment |
| The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. |
| Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419. |
| The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account. |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/. |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files. |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files. |
