CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1049
https://notcve.org/view.php?id=CVE-2008-1049
27 Feb 2008 — Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. Vulnerabilidad no especificada en Parallels SiteStudio en versiones anteriores a 1.7.2, y 1.8.x en versiones anteriores 1.8b, como lo utilizado en Parallels H-Sphere 3.0 en versiones anteriores a Patch 9 y 2.5 en versiones anteriores a Patch 11, tiene un efecto y vectores de ataque desconocidos. • http://secunia.com/advisories/29084 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6382
https://notcve.org/view.php?id=CVE-2006-6382
07 Dec 2006 — The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. El panel de control para Positive Software H-Sphere versiones anteriores a 2.5.0 RC3 crea ficheros de log en directorio de usuario con permisos no seguros, que permite a usuarios ... • http://secunia.com/advisories/23199 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2006-3278
https://notcve.org/view.php?id=CVE-2006-3278
28 Jun 2006 — Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. Vulnerabilidad de secuencias de comandos en H-Sphere v2.5.1 Beta v1 y anteriores permiten a atacantes remotos inyectar código web o HTML de su elección a través de los parámetros (1) next_template... • http://pridels0.blogspot.com/2006/06/h-sphere-25x-xss-vuln.html •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 0CVE-2006-0193
https://notcve.org/view.php?id=CVE-2006-0193
13 Jan 2006 — Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. • http://secunia.com/advisories/18447 •