Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-16 | CVE-2011-4743 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4739 | Credentials Management vulnerability in Parallels Plesk Panel 10.2.0Build20110407.20 The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4733 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18 The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4732 | Unspecified vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18 The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4730 | Credentials Management vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18 The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files. | 10.0 |
| 2011-12-16 | CVE-2011-4727 | Improper Input Validation vulnerability in Parallels Plesk Panel 10.2.0Build1011110331.18 The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files. | 10.0 |
| 2011-12-14 | CVE-2011-3413 | Code Injection vulnerability in Microsoft products Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability." | 9.3 |
| 2011-12-14 | CVE-2011-3412 | Code Injection vulnerability in Microsoft Publisher 2003/2007 Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability." | 9.3 |
| 2011-12-14 | CVE-2011-3411 | Code Injection vulnerability in Microsoft Publisher 2003 Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability." | 9.3 |
| 2011-12-14 | CVE-2011-3410 | Improper Input Validation vulnerability in Microsoft Publisher 2003/2007 Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability." | 9.3 |