Every now and then I decide to unsubscribe from the Full-Disclosure mailing list. It's not much about any disclosure any more; it is rather a place where people brag about finding XSS vulnerabilities in outdated CMSes, complaints about how the Paypal Bug Bounty Program does not actually pay out, and general ranting.
And then, Kingcope makes a post.
Reportedly, the following Plesk versions are vulnerable:
- Plesk 9.5.4
- Plesk 9.3
- Plesk 9.2
- Plesk 9.0
- Plesk 8.6