Ike.ninja

The following bug has been fixed:

[-] Security fix of directory traversal vulnerability in Horde Framework

The following bugs have been fixed:

[-] Possible security vulnerability due to insufficient validation of input parameters
[-] Bugfixes from the billing team for 10.4.4 MU#3
[-] No subdomains in Plesk GUI after upgrade
[-] Errors during SiteBuilder site publishing if Plesk has been installed to /var/local
[-] Error when managing a Java application on a subdomain
[-] Embedded Video blocks images in SiteBuilder Image Gallery
[-] Applications that can not be installed in Plesk have been hidden from the Application catalog
[-] Only featured apps from Infrastructure category showing on Server > Tools & Settings
[-] Not all the images have been migrated from SiteBuilder 4.5 site’s image gallery
[-] plesk_agent_manager.exe fails with unhandled exception if psarepository.dll was replaced to old version
[-] plesk_agent_manager.exe silently fails if psadumpschema.dll was replaced to old version
[-] Automatic user login of Plesk SugarCRM did not work
[-] If you try to set a password for mail account that contains the symbol "£" is an error with no clear message

[-] SQL injection vulnerability has been fixed.

[-] SQL injection vulnerability has been fixed.

[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02

[-] Qmail-TLS STARTTLS protocol plaintext command injection vulnerability fixed. More details: http://telussecuritylabs.com/threats/show/FSC20110309-02

We issued security hotfix Parallels Plesk Panel 10.0.1 MU#2 – Plesk admin password changing.
The Micro-Update delivers bug fix for vulnerability that allows authorized Plesk user to change Plesk ‘admin’ password and then compromise Control Panel.