EUVD-2003-1238

Malware in sbrugna...

H-Sphere WebShell 4.3.10 'actions.php' Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/31524/info H-Sphere WebShell is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code i...

H-Sphere Webshell 2.4 remote root exploit

No description provided by source. source: http://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious...

H-Sphere 2.x WebShell Login.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20532/info H-Sphere WebShell is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the...

CVE-2008-4447

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

Cross site scripting

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

CVE-2008-4447

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

CVE-2008-4448

CVE-2008-4448 describes a CSRF vulnerability in actions.php of Positive Software H-Sphere WebShell 4.3.10. An attacker can induce an admin to perform unauthorized actions by visiting a crafted link or IMG tag targeting (1) overkill, (2) futils, or (3) edit actions, effectively enabling file delet...

CVE-2008-4447

CVE-2008-4447 is a documented XSS vulnerability in Positive Software H-Sphere WebShell 4.3.10, exploitable via (1) fn in dload, (2) mask in search, or (3) tab in sysinfo within actions.php. The connected sources confirm the affected product/version and the vulnerable parameters, establishing a cr...

H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities

H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31524/info H-Sphere WebShell is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...

H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20532/info H-Sphere WebShell is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in th...

CVE-2003-1247

Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via 1 a long URL content type in CGI::readFile, 2 a long path in diskusage, and 3 a long fname in flist...

CVE-2003-1248

H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 mode and 2 zipfile parameters in a URL request...

H-Sphere WebShell 2.4 - Local Privilege Escalation

H-Sphere WebShell 2.4 - Local Privilege Escalation // source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a resul...

H-Sphere WebShell 2.4 - Remote Command Execution

H-Sphere WebShell 2.4 - Remote Command Execution / source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, ...

H-Sphere WebShell 2.4 - Local Privilege Escalation

// source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a...

H-Sphere WebShell 2.4 - Remote Command Execution

/ source: https://www.securityfocus.com/bid/6527/info A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a...