19 matches found
EUVD-2006-6365
Malware in sbrugna...
EUVD-2005-4256
Malware in sbrugna...
EUVD-2008-4429
Malware in sbrugna...
EUVD-2006-0201
Malware in sbrugna...
EUVD-2008-4428
Malware in sbrugna...
CVE-2008-4447
Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...
Cross site scripting
Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the 1 overkill, 2 futils, or 3 edit actions...
CVE-2008-4447
CVE-2008-4447 is a documented XSS vulnerability in Positive Software H-Sphere WebShell 4.3.10, exploitable via (1) fn in dload, (2) mask in search, or (3) tab in sysinfo within actions.php. The connected sources confirm the affected product/version and the vulnerable parameters, establishing a cr...
CVE-2008-4448
CVE-2008-4448 describes a CSRF vulnerability in actions.php of Positive Software H-Sphere WebShell 4.3.10. An attacker can induce an admin to perform unauthorized actions by visiting a crafted link or IMG tag targeting (1) overkill, (2) futils, or (3) edit actions, effectively enabling file delet...
CVE-2008-4448
Cross-site request forgery CSRF vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the 1 overkill, 2 futils, or 3 edit actions...
CVE-2006-6382
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained...
hsphereXSS.txt
I.Vulnerability H-Sphere Hosting Control Panel Cross Site Scripting Vulnerability II.Vendor Positive Software www.psoft.net III.Affected Systems H-Sphere = 2.4.3 Patch 8 IV.About H-Sphere is a scalable multiserver web hosting control panel that provides complete hosting automation for Linux, BSD ...
CVE-2006-0193
CVE-2006-0193 is an XSS vulnerability in the Hosting Control Panel (psoft.hsphere.CP) of Positive Software H-Sphere, affecting version 2.4.3 Patch 8 and earlier. The issue arises from a flaw in the login action where the login parameter can be exploited to inject arbitrary web script/HTML. The NV...
M.Neset KABAKLI
I.Vulnerability H-Sphere Hosting Control Panel Cross Site Scripting Vulnerability II.Vendor Positive Software www.psoft.net III.Affected Systems H-Sphere = 2.4.3 Patch 8 IV.About H-Sphere is a scalable multiserver web hosting control panel that provides complete hosting automation for Linux, BSD ...
CVE-2005-4261
Unspecified vulnerability in Positive Software Corporation CP+ cpplus before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different...
CVE-2005-4261
Technical details about CVE-2005-4261 (CP+ before 2.5.5) are not provided in the connected documents. The material references Perl-related issues (CVE-2005-3962) and general advisories, but there is no explicit information here on CP+, vendor, affected versions, root cause, impact, or fixes. Moni...
CVE-2005-4261
Unspecified vulnerability in Positive Software Corporation CP+ cpplus before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different...
Remote root vuln in HSphere WebShell
Hi all, Below is an advisory on a remote and local root vulnerability in the HSphere product by Positive Software which is used by many web-hosting providers. The vulnerability is in the WebShell component installed by default. Proof of concept exploits are provided and links to patched versions ...