Sphere Security Vulnerabilities

CVE-2021-37379

Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to...

CVE-2022-45269

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary...

CVE-2022-35821

Azure Sphere Information Disclosure...

CVE-2022-31561

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used...

CVE-2022-31547

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used...

CVE-2022-30777

Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from...

CVE-2021-42300

Azure Sphere Tampering...

CVE-2021-41374

Azure Sphere Information Disclosure...

CVE-2021-41376

Azure Sphere Information Disclosure...

CVE-2021-41375

Azure Sphere Information Disclosure...

CVE-2021-36956

Azure Sphere Information Disclosure...

CVE-2021-26430

Azure Sphere Denial of Service...

CVE-2021-26429

Azure Sphere Elevation of Privilege...

CVE-2021-26428

Azure Sphere Information Disclosure...

CVE-2021-28460

Azure Sphere Unsigned Code Execution...

CVE-2021-27080

Azure Sphere Unsigned Code Execution...

CVE-2021-27074

Azure Sphere Unsigned Code Execution...

CVE-2020-35608

A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses.....

CVE-2020-35609

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this...

CVE-2020-16989

Azure Sphere Elevation of Privilege...

CVE-2020-16994

Azure Sphere Unsigned Code Execution...

CVE-2020-16993

Azure Sphere Elevation of Privilege...

CVE-2020-16991

Azure Sphere Unsigned Code Execution...

CVE-2020-16992

Azure Sphere Elevation of Privilege...

CVE-2020-16988

Azure Sphere Elevation of Privilege...

CVE-2020-16990

Azure Sphere Information Disclosure...

CVE-2020-16984

Azure Sphere Unsigned Code Execution...

CVE-2020-16987

Azure Sphere Unsigned Code Execution...

CVE-2020-16981

Azure Sphere Elevation of Privilege...

CVE-2020-16983

Azure Sphere Tampering...

CVE-2020-16982

Azure Sphere Unsigned Code Execution...

CVE-2020-16970

Azure Sphere Unsigned Code Execution...

CVE-2020-16985

Azure Sphere Information Disclosure...

CVE-2020-16986

Azure Sphere Denial of Service...

CVE-2012-5004

Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via...

CVE-2008-6465

Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login...

CVE-2008-4448

Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit...

CVE-2008-4447

Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a...

CVE-2008-1049

Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack...

CVE-2006-6382

The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained...

CVE-2006-3278

Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the...

CVE-2006-0193

Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login...

CVE-2003-1248

H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL...

CVE-2003-1247

Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in...

CVE-2005-1606

H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain...