2 matches found
Design/Logic Flaw
Hosting Controller 6.1 Hot fix 3.3 and earlier 1 allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and 2 allows remote authenticated users to change a credit amount and increase a discount via an...
CVE-2005-2219
CVE-2005-2219 affects Hosting Controller 6.1 Hotfix 2.1. Remote authenticated users can perform unauthorized actions by sending a direct request to AccountActions.asp and modifying the CreditLimit parameter in the UpdateCreditLimit action, enabling changes to user credit limits. The linked Red Ha...