CVE-2008-1049
https://notcve.org/view.php?id=CVE-2008-1049
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. Vulnerabilidad no especificada en Parallels SiteStudio en versiones anteriores a 1.7.2, y 1.8.x en versiones anteriores 1.8b, como lo utilizado en Parallels H-Sphere 3.0 en versiones anteriores a Patch 9 y 2.5 en versiones anteriores a Patch 11, tiene un efecto y vectores de ataque desconocidos. • http://secunia.com/advisories/29084 http://www.psoft.net/misc/hs_ss_technical_update.html http://www.securityfocus.com/bid/28002 http://www.securitytracker.com/id?1019506 https://exchange.xforce.ibmcloud.com/vulnerabilities/40846 •
CVE-2006-3278
https://notcve.org/view.php?id=CVE-2006-3278
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. Vulnerabilidad de secuencias de comandos en H-Sphere v2.5.1 Beta v1 y anteriores permiten a atacantes remotos inyectar código web o HTML de su elección a través de los parámetros (1) next_template, (2) start, (3) curr_menu_id, y (4) arid en psoft/servlet/resadmin/psoft.hsphere.CP cuando es usado mailman/massmail.html template_name. • http://pridels0.blogspot.com/2006/06/h-sphere-25x-xss-vuln.html http://secunia.com/advisories/20798 http://www.osvdb.org/26863 http://www.securityfocus.com/bid/18677 http://www.vupen.com/english/advisories/2006/2550 https://exchange.xforce.ibmcloud.com/vulnerabilities/27381 •
CVE-2006-0193
https://notcve.org/view.php?id=CVE-2006-0193
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. • http://secunia.com/advisories/18447 http://www.osvdb.org/22372 http://www.psoft.net/HSdocumentation/versions/?v=all&p=r http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r http://www.securityfocus.com/archive/1/421704/100/0/threaded http://www.vupen.com/english/advisories/2006/0172 https://exchange.xforce.ibmcloud.com/vulnerabilities/24096 •
CVE-2005-1606 – Positive Software H-Sphere Winbox 2.4 - Sensitive Logfile Content Disclosure
https://notcve.org/view.php?id=CVE-2005-1606
H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/25636 http://exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt http://secunia.com/advisories/15287 http://www.osvdb.org/16239 http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html http://www.securityfocus.com/bid/13559 https://exchange.xforce.ibmcloud.com/vulnerabilities/20522 •