Lucene search

[email protected]CVE-2006-1620

HistoryApr 05, 2006 - 10:04 a.m.

CVE-2006-1620

2006-04-0510:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1620

hosting controller

accountactions.asp

password modification

remote attack

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.2%

JSON

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an “Update User” ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

CPENameOperatorVersion
hosting_controller:hosting_controllerhosting controllereq2002_rc_1
hosting_controller:hosting_controllerhosting controllerle6.1_hotfix_3.3

CPE	Name	Operator	Version
hosting_controller:hosting_controller	hosting controller	eq	2002_rc_1
hosting_controller:hosting_controller	hosting controller	le	6.1_hotfix_3.3

References

hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

secunia.com/advisories/28973

www.osvdb.org/24773

www.securityfocus.com/archive/1/429731/100/0/threaded

www.securityfocus.com/archive/1/485028/100/0/threaded

www.securityfocus.com/bid/26862

exchange.xforce.ibmcloud.com/vulnerabilities/25673

exchange.xforce.ibmcloud.com/vulnerabilities/39038

www.exploit-db.com/exploits/4730

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2006-1620

prion1 cvelist1