CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2008-4447 – H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4447
06 Oct 2008 — Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action. Una vulnerabilidad de tipo cross-site scripting (XSS), en el archivo actions.php en el Software H-Sphere WebShell de Positive versión 4.3.10, permite a los atacantes remotos inyectar script web o HTML ... • https://www.exploit-db.com/exploits/32449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4448
https://notcve.org/view.php?id=CVE-2008-4448
06 Oct 2008 — Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. Vulnerabilidad de falsificación de petición en sitios cruzados (CSFR) en actions.php en H-Sphere WebShell 4.3.10 de Positive Software permite a atacantes remotos llevar a cabo acciones no autorizadas como adminis... • http://packetstormsecurity.org/0810-exploits/webshell431-xssxsrf.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1049
https://notcve.org/view.php?id=CVE-2008-1049
27 Feb 2008 — Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. Vulnerabilidad no especificada en Parallels SiteStudio en versiones anteriores a 1.7.2, y 1.8.x en versiones anteriores 1.8b, como lo utilizado en Parallels H-Sphere 3.0 en versiones anteriores a Patch 9 y 2.5 en versiones anteriores a Patch 11, tiene un efecto y vectores de ataque desconocidos. • http://secunia.com/advisories/29084 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6382
https://notcve.org/view.php?id=CVE-2006-6382
07 Dec 2006 — The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. El panel de control para Positive Software H-Sphere versiones anteriores a 2.5.0 RC3 crea ficheros de log en directorio de usuario con permisos no seguros, que permite a usuarios ... • http://secunia.com/advisories/23199 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2006-3278
https://notcve.org/view.php?id=CVE-2006-3278
28 Jun 2006 — Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. Vulnerabilidad de secuencias de comandos en H-Sphere v2.5.1 Beta v1 y anteriores permiten a atacantes remotos inyectar código web o HTML de su elección a través de los parámetros (1) next_template... • http://pridels0.blogspot.com/2006/06/h-sphere-25x-xss-vuln.html •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 0CVE-2006-0193
https://notcve.org/view.php?id=CVE-2006-0193
13 Jan 2006 — Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. • http://secunia.com/advisories/18447 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2005-1606 – Positive Software H-Sphere Winbox 2.4 - Sensitive Logfile Content Disclosure
https://notcve.org/view.php?id=CVE-2005-1606
16 May 2005 — H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/25636 •
CVSS: 9.8EPSS: 38%CPEs: 1EXPL: 3CVE-2003-1247 – H-Sphere WebShell 2.4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-1247
31 Dec 2003 — Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist. • https://www.exploit-db.com/exploits/22128 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2003-1248
https://notcve.org/view.php?id=CVE-2003-1248
31 Dec 2003 — H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. • http://psoft.net/misc/webshell_patch.html •