Positive Software » H-sphere : Security Vulnerabilities, CVEs, CVSS score >= 3
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.
Max CVSS
6.8
EPSS Score
0.30%
Published
2008-10-06
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
Max CVSS
4.3
EPSS Score
0.20%
Published
2008-10-06
Updated
2017-08-08
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.38%
Published
2008-02-27
Updated
2017-08-08
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.8
EPSS Score
0.04%
Published
2006-12-07
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
Max CVSS
4.3
EPSS Score
0.62%
Published
2006-01-13
Updated
2018-10-19
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
Max CVSS
7.5
EPSS Score
2.34%
Published
2003-12-31
Updated
2008-09-05
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.
Max CVSS
7.5
EPSS Score
19.68%
Published
2003-12-31
Updated
2008-09-05
7 vulnerabilities found