295 matches found
CVE-2006-3147
Unspecified vulnerability in Hosting Controller before 6.1 aka Hotfix 3.2 allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is...
CVE-2006-3147
Technical details for CVE-2006-3147 are not provided in the connected documents; the initial description is high‑level and does not specify affected versions, vectors, or remediation. Monitor for updates.
Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation
According to its version number, the installation of Hosting Controller on the remote host enables any authenticated user to gain host admin privileges and view all his resellers and change their passwords. (C) Tenable Network Security, Inc.
Improper access control
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained fr...
CVE-2006-1764
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained fr...
CVE-2006-1764
CVE-2006-1764 affects Hosting Controller 6.1, where the application stores forum.mdb under the web document root with insufficient access control. This configuration enables remote attackers to obtain sensitive data, such as user names and credentials. The connected documents corroborate the issu...
[SA19569] Hosting Controller "forum.mdb" Exposure of User Credentials
TITLE: Hosting Controller "forum.mdb" Exposure of User Credentials SECUNIA ADVISORY ID: SA19569 VERIFY ADVISORY: http://secunia.com/advisories/19569/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Hosting Controller 6.x...
Code injection
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...
Directory traversal
Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter...
CVE-2006-1620
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...
CVE-2006-1621
Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter...
CVE-2006-1621
CVE-2006-1621 describes a directory traversal vulnerability in Hosting Controller 2002 RC 1, affecting the admin/folders/saveuploadfiles.asp handler. The flaw allows remote authenticated users to overwrite arbitrary files by supplying an absolute path in the OpenPath parameter, enabling potential...
CVE-2006-1620
The affected component is Hosting Controller 2002 RC1 (admin/accounts/AccountActions.asp). The vulnerability allows remote attackers to modify passwords for other users by abusing the Update User ActionType with a forged UserName and PassCheck=TRUE. This issue has been observed in 6.1 Hotfix 3.3 ...
Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)
Hello, I've found 2 vulnerabilities in Hosting Controller that allow remote authenticated users to change every user password or upload files in every directory. Here are the PoC: This allows to modify passwords: form...
HostingController.txt
Hello, I've found 2 vulnerabilities in Hosting Controller that allow remote authenticated users to change every user password or upload files in every directory. Here are the PoC: This allows to modify passwords: Username: Name: ChangePass type true:...
Sql injection
SQL injection vulnerability in search.asp in Hosting Controller 6.1 Hotfix 2.9 allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...