
Exploit code for the Plesk web hosting control panel was released Wednesday on the Full-Disclosure mailing list by "kingcope".



From ArsTechnica:
Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on, according to security researchers.

The code-execution vulnerability affects default versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 of Plesk running on the Linux and FreeBSD operating systems, a configuration used by more than 360,000 websites. Plesk running on Windows and other types of Unix haven't been tested to see if those configurations are vulnerable as well. The exploit code was released Wednesday on the Full-Disclosure mailing list by "kingcope," a pseudonymous security researcher who has frequented the forum for years. He has a proven track record for developing reliable exploits.
  More than 360,000 Apache websites imperiled by critical Plesk vulnerability