Positive Software H-sphere — known CVE vulnerabilities
Every CVE whose affected-product data names Positive Software H-sphere, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2008-1049 — CVSS 10.0 (critical): Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and…
CVE-2003-1248 — CVSS 7.5 (high): H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile…
CVE-2003-1247 — CVSS 7.5 (high): Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in…
CVE-2006-6382 — CVSS 6.8 (medium): The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which…
CVE-2008-4447 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject…
CVE-2006-0193 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and…
CVE-2006-3278 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or…