
CVE-2008-4447 – H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4447
06 Oct 2008 — Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action. • https://www.exploit-db.com/exploits/32449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-4448
https://notcve.org/view.php?id=CVE-2008-4448
06 Oct 2008 — Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. • http://packetstormsecurity.org/0810-exploits/webshell431-xssxsrf.txt • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2008-1049
https://notcve.org/view.php?id=CVE-2008-1049
27 Feb 2008 — Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. • http://secunia.com/advisories/29084

CVE-2007-2633
https://notcve.org/view.php?id=CVE-2007-2633
13 May 2007 — Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter. • http://osvdb.org/35977

CVE-2006-6382
https://notcve.org/view.php?id=CVE-2006-6382
07 Dec 2006 — The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/23199

CVE-2006-3278
https://notcve.org/view.php?id=CVE-2006-3278
28 Jun 2006 — Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. • http://pridels0.blogspot.com/2006/06/h-sphere-25x-xss-vuln.html

CVE-2006-0193
https://notcve.org/view.php?id=CVE-2006-0193
13 Jan 2006 — Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. • http://secunia.com/advisories/18447

CVE-2005-4261
https://notcve.org/view.php?id=CVE-2005-4261
15 Dec 2005 — Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure. • http://cpplus.info/feature_25.html

CVE-2005-1605
https://notcve.org/view.php?id=CVE-2005-1605
16 May 2005 — Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere. • http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt

CVE-2005-1606 – Positive Software H-Sphere Winbox 2.4 - Sensitive Logfile Content Disclosure
https://notcve.org/view.php?id=CVE-2005-1606
16 May 2005 — H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/25636