295 matches found
CVE-2006-6814
CVE-2006-6814 describes a directory traversal vulnerability in FolderManager/FolderManager.aspx (Hosting Controller 7c). The flaw allows remote authenticated users to read and modify arbitrary files and to list arbitrary directories by sending ..\ sequences in the BrowsePath parameter. This resul...
Hosting Controller 7C - FolderManager.aspx Directory Traversal
Hosting Controller 7C - FolderManager.aspx Directory Traversal source: https://www.securityfocus.com/bid/21786/info Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to modi...
Hosting Controller 7C - 'FolderManager.aspx' Directory Traversal
source: https://www.securityfocus.com/bid/21786/info Hosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver...
[SA22607] Hosting Controller Multiple Vulnerabilities
TITLE: Hosting Controller Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22607 VERIFY ADVISORY: http://secunia.com/advisories/22607/ CRITICAL: Moderately critical IMPACT: Security Bypass, Manipulation of data WHERE: From remote SOFTWARE: Hosting Controller 6.x http://secunia.com/product/4754/...
CVE-2006-5630
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to 1 delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and 2 create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum...
CVE-2006-5629
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in 1 DisableForum.asp and 2 enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and...
CVE-2006-5630
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to 1 delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and 2 create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum...
CVE-2006-5630
CVE-2006-5630 affects Hosting Controller 6.1 before Hotfix 3.3. The vulnerability enables remote deletion of a site’s virtual directory by tampering with the ForumID in DisableForum.asp, and creation of an arbitrary forum virtual directory via an empty ForumID in EnableForum.asp. Root cause: impr...
CVE-2006-5629
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in 1 DisableForum.asp and 2 enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and...
CVE-2006-5629
Summary of CVE-2006-5629 (CVELIST/NVD) : The vulnerability affects Hosting Controller 6.1 before Hotfix 3.3. It arises from inadequate sanitization of the ForumID parameter in two ASP scripts, EnableForum.asp and DisableForum.asp, allowing an unauthenticated attacker to inject SQL via the ForumID...
HostingController6.1.txt
Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories advisory : http://www.kapda.ir/advisory-442.html http://securitytracker.com/alerts/2006/Oct/1017103.html SQLInjection, Command Injection ------- KAPDA::59 - Hosting...
Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability
Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories advisory : http://www.kapda.ir/advisory-442.html http://securitytracker.com/alerts/2006/Oct/1017103.html...
Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns
No description provided by source. Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...
Hosting Controller 6.1 Hotfix 3.2 - Access
Hosting Controller 6.1 Hotfix 3.2 - Access Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Dat...
Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns
Exploit for unknown platform in category web applications ================================================================= Hosting Controller = 6.1 Hotfix 3.2 Remote Unauthenticated Vulns ================================================================= Hosting Controller 6.1 Hotfix = 3.2 Multi...
Hosting Controller 6.1 Hotfix 3.2 - Access
Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date: 10/10/2006 Discussion:...
Hosting Controller Multiple Script ForumID Parameter SQL Injection
The installed version of Hosting Controller fails to sanitize input to the 'ForumID' parameter of the 'forum/HCSpecific/EnableForum.asp' script before using it in database queries. An unauthenticated attacker may be able to leverage this issue to manipulate database queries to reveal sensitive...
Hosting Controller 1.x - error.asp Cross-Site Scripting
Hosting Controller 1.x - error.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue...
Hosting Controller 1.x - 'error.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code execute in the browser of...
Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability
Exploit for unknown platform in category web applications ======================================================================= Hosting Controller function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value + nact...