Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to...
CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.001
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002
The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used...
CVSS: 9.3 | AI Score: 9.3 | EPSS: 0.002
The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used...
CVSS: 9.3 | AI Score: 9.3 | EPSS: 0.002
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this...
CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via...
AI Score: 7.4 | EPSS: 0.006
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login...
AI Score: 5.9 | EPSS: 0.004
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit...
AI Score: 6.9 | EPSS: 0.003
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a...
AI Score: 5.7 | EPSS: 0.002
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack...
AI Score: 6.5 | EPSS: 0.004
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained...
AI Score: 6.5 | EPSS: 0.0004
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the...
AI Score: 5.9 | EPSS: 0.006
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login...
AI Score: 5.7 | EPSS: 0.006
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL...
AI Score: 8 | EPSS: 0.023
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in...
AI Score: 8.2 | EPSS: 0.197
H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain...
AI Score: 6.7 | EPSS: 0.0004