CVE-2006-3278
https://notcve.org/view.php?id=CVE-2006-3278
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
• http://pridels0.blogspot.com/2006/06/h-sphere-25x-xss-vuln.html
• http://secunia.com/advisories/20798
• http://www.osvdb.org/26863
• http://www.securityfocus.com/bid/18677
• http://www.vupen.com/english/advisories/2006/2550
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27381
CVE-2006-0193
https://notcve.org/view.php?id=CVE-2006-0193
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
• http://secunia.com/advisories/18447
• http://www.osvdb.org/22372
• http://www.psoft.net/HSdocumentation/versions/?v=all&p=r
• http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r
• http://www.securityfocus.com/archive/1/421704/100/0/threaded
• http://www.vupen.com/english/advisories/2006/0172
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24096
CVE-2005-4261
https://notcve.org/view.php?id=CVE-2005-4261
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
• http://cpplus.info/feature_25.html
• http://secunia.com/advisories/17975
• http://secunia.com/advisories/18005
• http://www.securityfocus.com/bid/15799
• http://www.trustix.org/errata/2005/0068
• http://www.vupen.com/english/advisories/2005/2828
CVE-2005-1605
https://notcve.org/view.php?id=CVE-2005-1605
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.
• http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt
• http://secunia.com/advisories/15286
• http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html
• http://www.osvdb.org/16240
• http://www.psoft.net/SS/ss_16_security_update_guestbook.html
• http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html
• http://www.securityfocus.com/bid/13554
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20496
CVE-2005-1606 – Positive Software H-Sphere Winbox 2.4 - Sensitive Logfile Content Disclosure
https://notcve.org/view.php?id=CVE-2005-1606
H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.
• https://www.exploit-db.com/exploits/25636
• http://exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt
• http://secunia.com/advisories/15287
• http://www.osvdb.org/16239
• http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
• http://www.securityfocus.com/bid/13559
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20522