{"type": "osvdb", "published": "2006-04-07T05:17:41", "href": "https://vulners.com/osvdb/OSVDB:24447", "hashmap": [{"key": "affectedSoftware", "hash": "f9040210aa6b280eb507cc979acb92e8"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "af22aa8aed88a6338cd17697b4b373cb"}, {"key": "cvss", "hash": "313104e31e57b9f7aa405f5f0fc56a4e"}, {"key": "description", "hash": "483aeee54c9cd7b0a7af29b866e5e3a1"}, {"key": "href", "hash": "e290b24a7213fd6222244015291f288a"}, {"key": "modified", "hash": "97e8cdc874bb23ccd53258f48e9abb4a"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "97e8cdc874bb23ccd53258f48e9abb4a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e9dffcd104d70929318c92e38c30767f"}, {"key": "title", "hash": "ebcc1a5cc633f1e9eb8e44ebe4e9d8f3"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/", "score": 7.8}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Syst3m_f4ult()", "title": "Hosting Controller forum.mdb Remote User Credential Disclosure", "affectedSoftware": [{"operator": "eq", "version": "6.1", "name": "Hosting Controller"}], "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2017-04-28T13:20:21"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1764"]}], "modified": "2017-04-28T13:20:21"}, "vulnersScore": 5.3}, "references": [], "id": "OSVDB:24447", "hash": "6513397048b00b9c0287c8db37c6bf29973c0c451a63e12f3eb489a65f839c1d", "lastseen": "2017-04-28T13:20:21", "cvelist": ["CVE-2006-1764"], "modified": "2006-04-07T05:17:41", "description": "## Vulnerability Description\nHosting Controller contains a flaw that may lead to an unauthorized information disclosure. The issue is caused due to user credentials being stored in the \"forum/db/forum.mdb\" database file inside the web root, which will disclose the administrator's username and password, resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nHosting Controller contains a flaw that may lead to an unauthorized information disclosure. The issue is caused due to user credentials being stored in the \"forum/db/forum.mdb\" database file inside the web root, which will disclose the administrator's username and password, resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[target]/forum/db/forum.mdb\n## References:\nVendor URL: http://hostingcontroller.com/\n[Secunia Advisory ID:19569](https://secuniaresearch.flexerasoftware.com/advisories/19569/)\nFrSIRT Advisory: ADV-2006-1268\n[CVE-2006-1764](https://vulners.com/cve/CVE-2006-1764)\n"}

{"cve": [{"lastseen": "2019-05-29T18:08:32", "bulletinFamily": "NVD", "description": "Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.", "modified": "2011-03-08T02:33:00", "id": "CVE-2006-1764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1764", "published": "2006-04-13T01:06:00", "title": "CVE-2006-1764", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}