OSVDB: Open Sourced Vulnerability Database

Creditee: David Hoyt

Known Contact Information:

None at this time

Known Affiliations:

Hoyt LLC (as of 2010-10-05)
Hoyt LLC Research (as of 2011-09-21)

Disclosed Vulnerabilities (124):

Disc. Date	OSVDB ID	CVEID	Title
2011-11-20	77902	2011-4851	Parallels Plesk Panel Control Panel Multiple Script Password Field Autocomplete Weakness
2011-11-20	77885	2011-4776	Parallels Plesk Panel Control Panel Root Directory start_page Parameter XSS
2011-11-20	77898	2011-4847	Parallels Plesk Panel Control Panel notification@/ certificateslist Cookie SQL Injection
2011-11-20	77899	2011-4848	Parallels Plesk Panel Control Panel client@1/domain@1/backup/local-repository/ HTTP Response Body Remote Password Disclosure
2011-11-20	77900	2011-4849	Parallels Plesk Panel Control Panel Multiple Script HTTPS Session Cookie Secure Flag Weakness
2011-11-20	77886	2011-4776	Parallels Plesk Panel Control Panel /admin/update/settings/ branch Parameter XSS
2011-11-20	77887	2011-4776	Parallels Plesk Panel Control Panel /plesk/client@3/domain@2/hosting/file-manager/ cmd Parameter XSS
2011-11-20	77888	2011-4776	Parallels Plesk Panel Control Panel /plesk/client@3/domain@2/hosting/file-manager/create-dir/ cmd Parameter XSS
2011-11-20	77889	2011-4776	Parallels Plesk Panel Control Panel /plesk/client@3/domain@2/hosting/file-manager/edit/ Multiple Parameter XSS
2011-11-20	77890	2011-4776	Parallels Plesk Panel Control Panel /plesk/client@3/domain@2/hosting/file-manager/permissions/ fname Parameter XSS
2011-11-20	77891	2011-4776	Parallels Plesk Panel Control Panel /plesk/client@3/domain@2/hosting/file-manager/rename/ Multiple Parameter XSS
2011-11-20	77892	2011-4776	Parallels Plesk Panel Control Panel /plesk/client@3/domain@2/hosting/file-manager/view/ cmd Parameter XSS
2011-11-20	77893	2011-4776	Parallels Plesk Panel Control Panel /relay Multiple Parameter XSS
2011-11-20	77894	2011-4776	Parallels Plesk Panel Control Panel /smb/app/applications-list-data/catalogId/apscatalog category Parameter XSS
2011-11-20	77895	2011-4776	Parallels Plesk Panel Control Panel /smb/email-address/create autoResponder[autoResponderSection][contentType] Parameter XSS
2011-11-20	77896	2011-4776	Parallels Plesk Panel Control Panel /smb/my-profile general[vcard][email][emailType] Parameter XSS
2011-11-20	77903	2011-4852	Parallels Plesk Panel Control Panel Multiple Script Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure (2011-4852)
2011-11-20	77904	2011-4853	Parallels Plesk Panel Control Panel Multiple Script RFC 1918 IP Address Disclosure
2011-11-20	77905	2011-4854	Parallels Plesk Panel Control Panel get_enabled_product_icon Content-Type HTTP Header Matching Weakness
2011-11-20	77906	2011-4855	Parallels Plesk Panel Control Panel Multiple Script Content-Type Header HTML Charset Specification Weakness (2011-4855)
2011-11-20	77907	2011-4856	Parallels Plesk Panel Control Panel Multiple Script Content-type Handling Weakness
2011-11-20	77901	2011-4850	Parallels Plesk Panel Control Panel Multiple Script HTTPOnly Flag Set-Cookie Header Remote Information Disclosure
2011-11-20	77897	2011-4777	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /preferences.html login Parameter XSS
2011-09-21	77787	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/ locale Cookie SQL Injection
2011-09-21	77788	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/customer/create contactInfoSection[contactInfo][fax] Parameter SQL Injection
2011-09-21	77789	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/customer/list searchFilter[resourceUsage][searchText] Parameter SQL Injection
2011-09-21	77790	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/customer/list/reset-search/true/ Referer HTTP Header SQL Injection
2011-09-21	77792	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/home/reseller User-Agent HTTP Header SQL Injection
2011-09-21	77791	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/reseller/personal-info/ psaContext Cookie SQL Injection
2011-09-21	77794	2011-4725	Parallels Plesk Panel Server Administration Panel /admin/subscription/list REST URL Parameter SQL Injection
2011-09-21	77793	2011-4725	Parallels Plesk Panel Server Administration Panel /login_up.php3 Multiple Parameter SQL Injection
2011-09-21	77795	2011-4726	Parallels Plesk Panel Server Administration Panel Root Directory start_page Parameter XSS
2011-09-21	77796	2011-4726	Parallels Plesk Panel Server Administration Panel /admin/app/usage-data searchFilter[name][searchText] Parameter XSS
2011-09-21	77797	2011-4726	Parallels Plesk Panel Server Administration Panel /admin/health/ group Parameter XSS
2011-09-21	77798	2011-4726	Parallels Plesk Panel Server Administration Panel /plesk/reseller@3/backup/create/ email Parameter XSS
2011-09-21	77799	2011-4726	Parallels Plesk Panel Server Administration Panel /plesk/reseller@3/custom-buttons/custom-button@new/properties/ wizard Parameter XSS
2011-09-21	77800	2011-4726	Parallels Plesk Panel Server Administration Panel /plesk/reseller@3/report/layout@2/auto@new/properties/ wizard Parameter XSS
2011-09-21	77801	2011-4727	Parallels Plesk Panel Server Administration Panel Multiple Script REST URL Parameter XML Injection
2011-09-21	77802	2011-4728	Parallels Plesk Panel Server Administration Panel HTTPS Session Cookie Secure Flag Weakness
2011-09-21	77803	2011-4729	Parallels Plesk Panel Server Administration Panel Multiple Script HTTPOnly Flag Set-Cookie Header Remote Information Disclosure
2011-09-21	77804	2011-4730	Parallels Plesk Panel Server Administration Panel Multiple Script Password Field Autocomplete Weakness
2011-09-21	77806	2011-4732	Parallels Plesk Panel Server Administration Panel Content-Type Header HTML Charset Specification Weakness
2011-09-21	77807	2011-4733	Parallels Plesk Panel Server Administration Panel Incorrect Content-Type Header Weakness
2011-09-21	77808	2011-4734	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/hosting/file-manager/ no_frames_login_page Cookie SQL Injection
2011-09-21	77809	2011-4734	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/hosting/file-manager/create-file/ psaContext Cookie SQL Injection
2011-09-21	77810	2011-4734	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/hosting/file-manager/edit/ PLESKSESSID Cookie SQL Injection
2011-09-21	77811	2011-4734	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/hosting/file-manager/view/ certificateslist Cookie SQL Injection
2011-09-21	77812	2011-4734	Parallels Plesk Panel Control Panel /smb/web/<script>alert(1)</script> Multiple Parameter SQL Injection
2011-09-21	77813	2011-4734	Parallels Plesk Panel Control Panel /smb/web/view/id/1/<script>alert(1)</script> no_frames Cookie SQL Injection
2011-09-21	77814	2011-4735	Parallels Plesk Panel Control Panel /plesk/client@2/custom-buttons/custom-button@new/properties/ wizard Parameter XSS
2011-09-21	77815	2011-4735	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/backup/create/ email Parameter XSS
2011-09-21	77816	2011-4735	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/hosting/file-manager/ cmd Parameter XSS
2011-09-21	77817	2011-4735	Parallels Plesk Panel Control Panel /plesk/client@2/domain@1/odbc/dsn@new/properties/ wizard Parameter XSS
2011-09-21	77818	2011-4735	Parallels Plesk Panel Control Panel /smb/app/download-progress/catalogId/marketplace/taskId/2 REST URL Parameter XSS
2011-09-21	77819	2011-4735	Parallels Plesk Panel Control Panel /smb/email-address/create autoResponder[autoResponderSection][contentType] Parameter XSS
2011-09-21	77820	2011-4735	Parallels Plesk Panel Control Panel /smb/email-address/edit/id/4 autoResponder[autoResponderSection][contentType] Parameter XSS
2011-09-21	77821	2011-4735	Parallels Plesk Panel Control Panel /smb/user/create general[vcard][email][emailType] Parameter XSS
2011-09-21	77822	2011-4735	Parallels Plesk Panel Control Panel /smb/user/edit/id/4 general[vcard][email][emailType] Parameter XSS
2011-09-21	77823	2011-4736	Parallels Plesk Panel Control Panel Multiple Script Cleartext Password Disclosure
2011-09-21	77824	2011-4737	Parallels Plesk Panel Control Panel client@2/domain@1/odbc/dsn@1/properties/ HTTP Response Body Remote Password Disclosure
2011-09-21	77825	2011-4738	Parallels Plesk Panel Control Panel Multiple Script HTTPOnly Flag Set-Cookie Header Remote Information Disclosure
2011-09-21	77826	2011-4739	Parallels Plesk Panel Control Panel Multiple Script Password Field Autocomplete Weakness
2011-09-21	77827	2011-4740	Parallels Plesk Panel Control Panel Multiple Script Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure (2011-4740)
2011-09-21	77828	2011-4741	Parallels Plesk Panel Control Panel client@2/domain@1/hosting/aspdotnet/ Database Connection String Information Disclosure
2011-09-21	77829	2011-4742	Parallels Plesk Panel Control Panel Multiple Script Remote Email Address Disclosure
2011-09-21	77830	2011-4743	Parallels Plesk Panel Control Panel Multiple Script Content-Type Header HTML Charset Specification Weakness (2011-4743)
2011-09-21	77831	2011-4744	Parallels Plesk Panel Control Panel Incorrect Content-Type Header Weakness
2011-09-21	77833	2011-4745	Parallels Plesk Panel Billing System /plesk-billing/admin/index.php/default ui_type Parameter XSS
2011-09-21	77835	2011-4747	Parallels Plesk Panel Billing System SSL Session Cipher Weakness
2011-09-21	77836	2011-4748	Parallels Plesk Panel Billing System Multiple Script Remote Email Address Disclosure
2011-09-21	77837	2011-4749	Parallels Plesk Panel Billing System Multiple Script Password Field Autocomplete Weakness
2011-09-21	77861	2011-4754	Parallels Plesk Small Business Panel /smb/app/available/id/apscatalog/ category Parameter XSS
2011-09-21	77864	2011-4755	Parallels Plesk Small Business Panel Multiple Script Multiple Cookie XML Injection
2011-09-21	77865	2011-4756	Parallels Plesk Small Business Panel Multiple Script HTTPOnly Flag Set-Cookie Header Remote Information Disclosure
2011-09-21	77866	2011-4757	Parallels Plesk Small Business Panel Multiple Script Password Field Autocomplete Weakness
2011-09-21	77867	2011-4758	Parallels Plesk Small Business Panel Multiple Script Cleartext Password Disclosure
2011-09-21	77868	2011-4759	Parallels Plesk Small Business Panel Multiple Script Cross-Domain Referer Leakage Multiple Web-Server Log Information Disclosure
2011-09-21	77869	2011-4760	Parallels Plesk Small Business Panel Multiple Script Remote Email Address Disclosure
2011-09-21	77870	2011-4761	Parallels Plesk Small Business Panel Multiple Script Content-Type Header HTML Charset Specification Weakness
2011-09-21	77871	2011-4762	Parallels Plesk Small Business Panel Incorrect Content-Type Header Weakness
2011-09-21	77872	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /Wizard/Edit/Html currentPageId Parameter SQL Injection
2011-09-21	77862	2011-4754	Parallels Plesk Small Business Panel /smb/file/copy items[0] Parameter XSS
2011-09-21	77863	2011-4754	Parallels Plesk Small Business Panel /smb/file/index/type/external/ folder Parameter XSS
2011-09-21	77873	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /Wizard/Edit/Modules/ImageGallery filelist Cookie SQL Injection
2011-09-21	77874	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /Wizard/Edit/Modules/ImageGallery/Image/Edit PLESKSESSID Cookie SQL Injection
2011-09-21	77875	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /Wizard/Publish Referer HTTP Header SQL Injection
2011-09-21	77876	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/css/styles.css colorScheme Parameter SQL Injection
2011-09-21	77877	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/logo.gif template Parameter SQL Injection
2011-09-21	77878	2011-4763	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /sites/78/78806f0057ebcbb04597bd12795bd6a6/__edit/images/xsk_16.jpg ColorScheme Parameter SQL Injection
2011-09-21	77879	2011-4764	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /Wizard/Edit/Modules/Image Multiple Parameter XSS
2011-09-21	77881	2011-4765	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature Multiple Script HTTPOnly Flag Set-Cookie Header Remote Information Disclosure
2011-09-21	77883	2011-4767	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature Multiple Script Remote Email Address Disclosure
2011-09-21	77880	2011-4764	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature /localizedimage.php Multiple Parameter XSS
2011-09-21	77805	2011-4731	Parallels Plesk Panel Server Administration Panel Multiple Script RFC 1918 IP Address Disclosure
2011-09-21	77834	2011-4746	Parallels Plesk Panel Billing System SSL 2.0 Protocol Weakness
2011-09-21	77832	2009-3555	Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaintext Data Injection
2011-09-21	77838	2011-4753	Parallels Plesk Small Business Panel Root Directory Multiple Parameter SQL Injection
2011-09-21	77839	2011-4753	Parallels Plesk Small Business Panel /domains/sitebuilder_edit.php Multiple Parameter SQL Injection
2011-09-21	77840	2011-4753	Parallels Plesk Small Business Panel /javascript/chk.js.php Multiple Cookie SQL Injection
2011-09-21	77841	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/ Multiple Cookie SQL Injection
2011-09-21	77842	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/create-dir/ Multiple Parameter SQL Injection
2011-09-21	77843	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/create-file/ Multiple Parameter SQL Injection
2011-09-21	77844	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/edit/ Referer HTTP Header SQL Injection
2011-09-21	77845	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/permissions/ Multiple Cookie SQL Injection
2011-09-21	77846	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/rename/ Multiple Parameter SQL Injection
2011-09-21	77847	2011-4753	Parallels Plesk Small Business Panel /plesk/client@1/domain@1/hosting/file-manager/view/ Multiple Parameter SQL Injection
2011-09-21	77848	2011-4753	Parallels Plesk Small Business Panel /smb/admin-home/application-items/ user Cookie SQL Injection
2011-09-21	77849	2011-4753	Parallels Plesk Small Business Panel /smb/app/available/id/apscatalog Multiple Parameter SQL Injection
2011-09-21	77850	2011-4753	Parallels Plesk Small Business Panel /smb/change-password/get-link Multiple Parameter SQL Injection
2011-09-21	77851	2011-4753	Parallels Plesk Small Business Panel /smb/file/email user Cookie SQL Injection
2011-09-21	77852	2011-4753	Parallels Plesk Small Business Panel /smb/help/redirect/controller-name/ Multiple Parameter SQL Injection
2011-09-21	77853	2011-4753	Parallels Plesk Small Business Panel /smb/help/redirect/controller-name/app/action-name/market user Cookie SQL Injection
2011-09-21	77854	2011-4753	Parallels Plesk Small Business Panel /smb/help/redirect/controller-name/dashboard/ Multiple Parameter SQL Injection
2011-09-21	77855	2011-4753	Parallels Plesk Small Business Panel /smb/help/redirect/controller-name/email-address/action-name/ user Cookie SQL Injection
2011-09-21	77856	2011-4753	Parallels Plesk Small Business Panel /smb/login Multiple Parameter SQL Injection
2011-09-21	77857	2011-4753	Parallels Plesk Small Business Panel /smb/redirect/pleskin/root// PLESKSESSID Cookie SQL Injection
2011-09-21	77858	2011-4753	Parallels Plesk Small Business Panel /smb/role/create/ user Cookie SQL Injection
2011-09-21	77859	2011-4753	Parallels Plesk Small Business Panel /smb/role/list/ user Cookie SQL Injection
2011-09-21	77860	2011-4753	Parallels Plesk Small Business Panel /smb/web/view/id/1/ user Cookie SQL Injection
2011-09-21	77882	2011-4766	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature wysiwyg/fckconfig.js Direct Request ASP Source Code Disclosure
2011-09-21	77884	2011-4768	Parallels Plesk Small Business Panel Site Editor (SiteBuilder) Feature Multiple Script Content-Type Header HTML Charset Specification Weakness
2010-10-05	68367		SmarterMail Main/frmStoredFiles.aspx path Parameter XSS
2010-10-05	68368		SmarterMail UserControls/Popups/frmAddFileStorageFolder.aspx edit Parameter XSS
2010-10-05	68369		SmarterMail Main/Calendar/frmEvent.aspx SubjectBox_SettingText Parameter XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.