Swsoft Plesk vulnerabilities
6 known vulnerabilities affecting swsoft/plesk.
Total CVEs
6
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2006-5028P3MEDIUMCVSS 5.0PoCv7.62006-09-27
CVE-2006-5028 [MEDIUM] CVE-2006-5028: Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Ples
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
nvd
CVE-2007-4892P3HIGHCVSS 7.5PoCv7.6.1v8.1+2 more2007-09-14
CVE-2007-4892 [HIGH] CWE-89 CVE-2007-4892: Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows al
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.
nvd
CVE-2007-2268P4MEDIUMCVSS 5.0PoCv7.6.1v8.1.0+1 more2007-04-25
CVE-2007-2268 [MEDIUM] CVE-2007-2268: Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 all
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
nvd
CVE-2006-6451P4MEDIUMCVSS 6.8PoC≤ 8.0.1v7.52006-12-10
CVE-2006-6451 [MEDIUM] CWE-79 CVE-2006-6451: Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote a
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
nvd
CVE-2004-2702P4MEDIUMCVSS 4.3PoCv7.0v7.12004-12-31
CVE-2004-2702 [MEDIUM] CWE-79 CVE-2004-2702: Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remot
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
nvd
CVE-2007-2269P4MEDIUMCVSS 5.0v8.1.0v8.1.12007-04-25
CVE-2007-2269 [MEDIUM] CVE-2007-2269: Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remot
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
nvd