Information Security

Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities

  [KurdishVanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.]

  [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]

  DotClear : Multiples Full Path Disclosure

From: vuln.invent_(at)_gmail.com <vuln.invent_(at)_gmail.com>
Date: 24 July 2006
Subject: Plesk Control Panel <= 8.0.0 XSS vulnerability

Product: Plesk control panel

Version: <= 8.0.0

Vendor: SWSoft Inc.

URL: http://www.swsoft.com/en/products/plesk/


[Product Description]

Plesk is comprehensive server management software developed specifically for the Hosting Service Industry with the assistance of Web hosting professionals.


An attacker can exploit the vulnerability by manipulating the value of the
"file" parameter in filemanager.php.

This abuses the trust between a client and the server: the malicious user
can execute JavaScript in the client's browser while the client is logged
into the control panel.
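
For defenders, a log check for this issue, as an added example that is not part of the original advisory: it flags requests to filemanager.php whose "file" value decodes to HTML metacharacters, including double-encoded input. The log lines, the /filemanager.php path and the function names are constructed assumptions; the advisory gives no request path or log format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters that let a reflected value break out of HTML text or attributes.
HTML_META = set("<>\"'")
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_params(log_lines, script="filemanager.php", param="file"):
    """Return (line_number, decoded_value) for requests whose `file` value carries markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/" + script):
            continue
        # parse_qsl decodes once; decode_fully catches further encoding layers.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            decoded = decode_fully(value)
            if name == param and HTML_META & set(decoded):
                hits.append((number, decoded))
    return hits

# Constructed sample lines (documentation IP range, assumed path); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jul/2006:10:00:01 +0000] "GET /filemanager.php?file=/httpdocs/index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Jul/2006:10:02:17 +0000] "GET /filemanager.php?file=%3Ci%3Etest%3C%2Fi%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [24/Jul/2006:10:02:40 +0000] "GET /filemanager.php?file=%253Ci%253Etest HTTP/1.1" 200 5170',
    '203.0.113.7 - - [24/Jul/2006:10:03:05 +0000] "GET /index.php?file=%3Ci%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_file_params(SAMPLE_LOG):
        print(f"line {number}: file parameter decodes to markup: {value!r}")
```

Legitimate file names containing quotes will also be flagged, so treat hits as leads to review rather than confirmed attempts.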





© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod