[CLOSE] OSVDB ID : 49439 - Disclosed: 2008-10-28

Description:

H&H WebSoccer contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'liga.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 3496 - Disclosed: 2004-01-13

Description:

AntiVir for Linux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the program creates a temp file with a predictable filename. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.

[CLOSE] OSVDB ID : 31732 - Disclosed: 2006-12-05

Description:

(Description Provided by CVE) : The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 16241 - Disclosed: 2005-05-09

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.

[CLOSE] OSVDB ID : 16242 - Disclosed: 2005-05-09

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 16239 - Disclosed: 2005-05-09

Description:

(Description Provided by CVE) : H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 22372 - Disclosed: 2006-01-12

Description:

H-Sphere contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variable upon submission to the 'psoft.hsphere.CP' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26863 - Disclosed: 2006-06-27

Description:

H-Sphere contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'next_template', 'start', 'curr_menu_id' and 'arid' variables upon submission to the psoft.hsphere.CP script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 4329 - Disclosed: 2003-06-09

Description:

P-SOFT H-Sphere contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "template_name" variable upon submission to the "psoft.hsphere.CP" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 35977 - Disclosed: 2007-05-10

Description:

(Description Provided by CVE) : Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.

[CLOSE] OSVDB ID : 42945 - Disclosed: 2008-02-26

Description:

(Description Provided by CVE) : Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.

[CLOSE] OSVDB ID : 48858 - Disclosed: 2008-09-28

Description:

(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.

[CLOSE] OSVDB ID : 48857 - Disclosed: 2008-09-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.

[CLOSE] OSVDB ID : 60390 - Disclosed: 2003-01-06

Description:

(Description Provided by CVE) : Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.

[CLOSE] OSVDB ID : 60391 - Disclosed: 2003-01-06

Description:

(Description Provided by CVE) : Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.

[CLOSE] OSVDB ID : 60392 - Disclosed: 2003-01-06

Description:

(Description Provided by CVE) : Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.

[CLOSE] OSVDB ID : 59587 - Disclosed: 2003-01-06

Description:

(Description Provided by CVE) : H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.

[CLOSE] OSVDB ID : 44703 - Disclosed: 2007-10-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 44704 - Disclosed: 2007-10-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 44702 - Disclosed: 2007-10-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48232 - Disclosed: 2008-09-13

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.

[CLOSE] OSVDB ID : 48856 - Disclosed: 2008-05-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 70892 - Disclosed: 2010-08-22

Description:

H2 Database Engine contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the program stores plain text passwords in configuration files, which will disclose logon credentials to a local attacker.

[CLOSE] OSVDB ID : 65660 - Disclosed: 2010-06-18

Description:

(Description Provided by CVE) : H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 43053 - Disclosed: 2008-03-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 43052 - Disclosed: 2008-03-01

Description:

h2desk Support System contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker edits the session ID, which will disclose the software's session path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 49418 - Disclosed: 2008-10-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 49419 - Disclosed: 2008-10-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 73228 - Disclosed: 2011-06-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 49203 - Disclosed: 2008-10-16

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.