Vulnerabilities > Swsoft > Plesk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-14 | CVE-2007-4892 | SQL Injection vulnerability in Swsoft Plesk Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. | 7.5 |
| 2007-04-25 | CVE-2007-2269 | Directory Traversal vulnerability in Plesk 8.1.0/8.1.1 Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-04-25 | CVE-2007-2268 | Directory Traversal vulnerability in Swsoft Plesk 7.6.1/8.1.0/8.1.1 Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-10 | CVE-2006-6451 | Cross-Site Scripting vulnerability in Swsoft Plesk 7.5 Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. | 6.8 |
| 2006-09-27 | CVE-2006-5028 | Directory Traversal vulnerability in Swsoft Plesk and Plesk Reload Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. | 5.0 |
| 2004-12-31 | CVE-2004-2702 | Cross-Site Scripting vulnerability in Swsoft Plesk 7.0/7.1 Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. | 4.3 |