Positive Software H-Sphere vulnerabilities
8 known vulnerabilities affecting positive_software/h-sphere.
Total CVEs
8
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4LOW1
Vulnerabilities
Page 1 of 1
CVE-2003-1247P3HIGHCVSS 7.5PoCv2.3_rc32003-12-31
CVE-2003-1247 [HIGH] CVE-2003-1247: Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.
nvd
CVE-2008-4447P4MEDIUMCVSS 4.3PoCv4.3.102008-10-06
CVE-2008-4447 [MEDIUM] CWE-79 CVE-2008-4447: Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.1
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
nvd
CVE-2003-1248P3HIGHCVSS 7.5v2.3_rc32003-12-31
CVE-2003-1248 [HIGH] CVE-2003-1248: H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
nvd
CVE-2008-1049P4CRITICALCVSS 10.0≤ 2.5_patch_10≤ 3.0_patch_82008-02-27
CVE-2008-1049 [CRITICAL] CVE-2008-1049: Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Pa
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.
nvd
CVE-2008-4448P4MEDIUMCVSS 6.8v4.3.102008-10-06
CVE-2008-4448 [MEDIUM] CWE-352 CVE-2008-4448: Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShel
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.
nvd
CVE-2006-0193P4MEDIUMCVSS 4.3v2.4.1v2.4.1_patch_1+30 more2006-01-13
CVE-2006-0193 [MEDIUM] CVE-2006-0193: Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
nvd
CVE-2006-6382P4MEDIUMCVSS 6.8v2.4.32006-12-07
CVE-2006-6382 [MEDIUM] CVE-2006-6382: The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's dire
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2006-3278P4LOWCVSS 2.6≤ 2.5.1_beta_1v2.5+3 more2006-06-28
CVE-2006-3278 [LOW] CVE-2006-3278: Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attacker
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
nvd