Lucene search
K

295 matches found

CVE
CVE
added 2006/12/29 11:0 a.m.46 views

CVE-2006-6814

CVE-2006-6814 describes a directory traversal vulnerability in FolderManager/FolderManager.aspx (Hosting Controller 7c). The flaw allows remote authenticated users to read and modify arbitrary files and to list arbitrary directories by sending ..\ sequences in the BrowsePath parameter. This resul...

6.3CVSS6.7AI score0.01939EPSS
Exploits1References5Affected Software1
exploitpack
exploitpack
added 2006/12/27 12:0 a.m.18 views

Hosting Controller 7C - FolderManager.aspx Directory Traversal

Hosting Controller 7C - FolderManager.aspx Directory Traversal source: https://www.securityfocus.com/bid/21786/info Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to modi...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2006/12/27 12:0 a.m.23 views

Hosting Controller 7C - 'FolderManager.aspx' Directory Traversal

source: https://www.securityfocus.com/bid/21786/info Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver...

7AI score
Exploits0
securityvulns
securityvulns
added 2006/11/02 12:0 a.m.49 views

[SA22607] Hosting Controller Multiple Vulnerabilities

TITLE: Hosting Controller Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22607 VERIFY ADVISORY: http://secunia.com/advisories/22607/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: From remote SOFTWARE: Hosting Controller 6.x http://secunia.com/product/4754/...

0.3AI score
Exploits0
NVD
NVD
added 2006/10/31 10:7 p.m.17 views

CVE-2006-5630

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to 1 delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and 2 create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum...

7.5CVSS6.7AI score0.01824EPSS
Exploits1References6
NVD
NVD
added 2006/10/31 10:7 p.m.20 views

CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in 1 DisableForum.asp and 2 enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and...

7.5CVSS8.5AI score0.02957EPSS
Exploits1References11
Cvelist
Cvelist
added 2006/10/31 10:0 p.m.25 views

CVE-2006-5630

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to 1 delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and 2 create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum...

6.7AI score0.01824EPSS
Exploits1References6
CVE
CVE
added 2006/10/31 10:0 p.m.44 views

CVE-2006-5630

CVE-2006-5630 affects Hosting Controller 6.1 before Hotfix 3.3. The vulnerability enables remote deletion of a site’s virtual directory by tampering with the ForumID in DisableForum.asp, and creation of an arbitrary forum virtual directory via an empty ForumID in EnableForum.asp. Root cause: impr...

7.5CVSS7AI score0.01824EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/10/31 10:0 p.m.19 views

CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in 1 DisableForum.asp and 2 enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and...

8.5AI score0.02957EPSS
Exploits1References11
CVE
CVE
added 2006/10/31 10:0 p.m.54 views

CVE-2006-5629

Summary of CVE-2006-5629 (CVELIST/NVD) : The vulnerability affects Hosting Controller 6.1 before Hotfix 3.3. It arises from inadequate sanitization of the ForumID parameter in two ASP scripts, EnableForum.asp and DisableForum.asp, allowing an unauthenticated attacker to inject SQL via the ForumID...

7.5CVSS8.5AI score0.02957EPSS
Exploits1References11Affected Software1
Packet Storm
Packet Storm
added 2006/10/31 12:0 a.m.29 views

HostingController6.1.txt

Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories advisory : http://www.kapda.ir/advisory-442.html http://securitytracker.com/alerts/2006/Oct/1017103.html SQLInjection, Command Injection ------- KAPDA::59 - Hosting...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/10/30 12:0 a.m.52 views

Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability

Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories advisory : http://www.kapda.ir/advisory-442.html http://securitytracker.com/alerts/2006/Oct/1017103.html...

1.2AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.18 views

Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns

No description provided by source. Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/10/27 12:0 a.m.14 views

Hosting Controller 6.1 Hotfix 3.2 - Access

Hosting Controller 6.1 Hotfix 3.2 - Access Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Dat...

0.9AI score
Exploits0
0day.today
0day.today
added 2006/10/27 12:0 a.m.40 views

Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns

Exploit for unknown platform in category web applications ================================================================= Hosting Controller = 6.1 Hotfix 3.2 Remote Unauthenticated Vulns ================================================================= Hosting Controller 6.1 Hotfix = 3.2 Multi...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/10/27 12:0 a.m.33 views

Hosting Controller 6.1 Hotfix 3.2 - Access

Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date: 10/10/2006 Discussion:...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/10/23 12:0 a.m.27 views

Hosting Controller Multiple Script ForumID Parameter SQL Injection

The installed version of Hosting Controller fails to sanitize input to the 'ForumID' parameter of the 'forum/HCSpecific/EnableForum.asp' script before using it in database queries. An unauthenticated attacker may be able to leverage this issue to manipulate database queries to reveal sensitive...

7.5CVSS5.6AI score0.02957EPSS
Exploits1References3
exploitpack
exploitpack
added 2006/07/11 12:0 a.m.15 views

Hosting Controller 1.x - error.asp Cross-Site Scripting

Hosting Controller 1.x - error.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2006/07/11 12:0 a.m.21 views

Hosting Controller 1.x - &#039;error.asp&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code execute in the browser of...

7.4AI score
Exploits0
0day.today
0day.today
added 2006/07/06 12:0 a.m.43 views

Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability

Exploit for unknown platform in category web applications ======================================================================= Hosting Controller function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value + nact...

7.1AI score
Exploits0
Rows per page
Query Builder