EUVD-2006-1148

Malware in sbrugna...

Directory traversal

Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories possibly only empty directories via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue;...

CVE-2006-1235

CVE-2006-1235 describes a directory traversal vulnerability in HitHost 1.0.0, specifically in admin/deleteuser.php, where the $deleteuser parameter could allow remote attackers to delete directories (possibly only empty ones). The initial disclosure notes that proof of the issue was inconclusive ...

CVE-2006-1144

Cross-site scripting XSS vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via 1 the user parameter in deleteuser.php and 2 the hits parameter in viewuser.php...

CVE-2006-1144

CVE-2006-1144 concerns HitHost 1.0.0 and is an XSS vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via two parameters: (1) user in deleteuser.php and (2) hits in viewuser.php. The NVD entry lists a low base score (CVSS v2: 2.6, AV:N/AC:H/Au:N/I:P/A:N) with ...