Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
positive software h-sphere vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-4447
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote malicious users to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the ta...
Positive Software H-sphere 4.3.10
1 EDB exploit
6.8
CVSSv2
CVE-2008-4448
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote malicious users to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) fut...
Positive Software H-sphere 4.3.10
10
CVSSv2
CVE-2008-1049
Unspecified vulnerability in Parallels SiteStudio prior to 1.7.2, and 1.8.x prior to 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.
Positive Software Sitestudio 1.8
Positive Software Sitestudio 1.7.1
Positive Software H-sphere
10
CVSSv2
CVE-2007-2633
Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote malicious users to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.
Positive Software Sitestudio 1.6
6.8
CVSSv2
CVE-2006-6382
The control panel for Positive Software H-Sphere prior to 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; th...
Positive Software H-sphere 2.4.3
2.6
CVSSv2
CVE-2006-3278
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP ...
Positive Software H-sphere
Positive Software H-sphere 2.5 Patch 2
Positive Software H-sphere 2.5 Rc 3
Positive Software H-sphere 2.5
Positive Software H-sphere 2.5 Patch 1
4.3
CVSSv2
CVE-2006-0193
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the login parameter in a login action.
Positive Software H-sphere 2.4.1 Patch 2
Positive Software H-sphere 2.4.3 Patch 4
Positive Software H-sphere 2.4.3 Patch 1
Positive Software H-sphere 2.4.1 Patch 1
Positive Software H-sphere 2.4.2 Beta 2
Positive Software H-sphere 2.4.1
Positive Software H-sphere 2.4.2 Patch 4
Positive Software H-sphere 2.4.1 Patch 3
Positive Software H-sphere 2.4.1 Patch 4
Positive Software H-sphere 2.4.2 Beta 3
Positive Software H-sphere 2.4.3 Patch 3
Positive Software H-sphere 2.4.2 Rc1
Positive Software H-sphere 2.4.3 Patch 5
Positive Software H-sphere 2.4.3 Patch 7
Positive Software H-sphere 2.4.2 Patch 5
Positive Software H-sphere 2.4.3 Rc2
Positive Software H-sphere 2.4.2
Positive Software H-sphere 2.4.2 Patch 1
Positive Software H-sphere 2.4.3
Positive Software H-sphere 2.4.3 Rc1
Positive Software H-sphere 2.4.1 Patch 5
Positive Software H-sphere 2.4.2 Patch 2
4.6
CVSSv2
CVE-2005-1606
H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.
Positive Software H-sphere Winbox 2.4.3 Rc1
Positive Software H-sphere Winbox 2.4.2 Patch 4
1 EDB exploit
6.8
CVSSv2
CVE-2005-1605
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote malicious users to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio wit...
Positive Software Sitestudio 1.6 Patch 1
Positive Software Sitestudio 1.6 Final
7.5
CVSSv2
CVE-2003-1248
H-Sphere WebShell 2.3 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
Positive Software H-sphere 2.3 Rc3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »