Lucene search
K

295 matches found

NVD
NVD
added 2006/06/22 10:6 p.m.15 views

CVE-2006-3147

Unspecified vulnerability in Hosting Controller before 6.1 aka Hotfix 3.2 allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is...

6.5CVSS6.4AI score0.02625EPSS
Exploits0References7
CVE
CVE
added 2006/06/22 10:0 p.m.44 views

CVE-2006-3147

Technical details for CVE-2006-3147 are not provided in the connected documents; the initial description is high‑level and does not specify affected versions, vectors, or remediation. Monitor for updates.

6.5CVSS6.4AI score0.02625EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/06/22 10:0 p.m.22 views

CVE-2006-3147

Unspecified vulnerability in Hosting Controller before 6.1 aka Hotfix 3.2 allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is...

6.4AI score0.02625EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2006/06/21 12:0 a.m.23 views

Hosting Controller <= 6.1 Hotfix 3.1 Authenticated User Privilege Escalation

According to its version number, the installation of Hosting Controller on the remote host enables any authenticated user to gain host admin privileges and view all his resellers and change their passwords. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

6.5CVSS5.5AI score0.02625EPSS
Exploits0References2
Prion
Prion
added 2006/04/13 1:6 a.m.18 views

Improper access control

Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained fr...

7.8CVSS7AI score0.01612EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/04/13 1:6 a.m.19 views

CVE-2006-1764

Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained fr...

7.8CVSS6.4AI score0.01612EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/04/13 1:0 a.m.23 views

CVE-2006-1764

Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained fr...

6.4AI score0.01612EPSS
Exploits0References3
CVE
CVE
added 2006/04/13 1:0 a.m.49 views

CVE-2006-1764

CVE-2006-1764 affects Hosting Controller 6.1, where the application stores forum.mdb under the web document root with insufficient access control. This configuration enables remote attackers to obtain sensitive data, such as user names and credentials. The connected documents corroborate the issu...

7.8CVSS6.5AI score0.01612EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2006/04/07 12:0 a.m.26 views

[SA19569] Hosting Controller &quot;forum.mdb&quot; Exposure of User Credentials

TITLE: Hosting Controller "forum.mdb" Exposure of User Credentials SECUNIA ADVISORY ID: SA19569 VERIFY ADVISORY: http://secunia.com/advisories/19569/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Hosting Controller 6.x...

6.8AI score
Exploits0
Prion
Prion
added 2006/04/05 10:4 a.m.17 views

Code injection

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...

5CVSS7.1AI score0.02187EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2006/04/05 10:4 a.m.16 views

Directory traversal

Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter...

4CVSS6.8AI score0.0134EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/04/05 10:4 a.m.19 views

CVE-2006-1620

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...

5CVSS6.6AI score0.02187EPSS
Exploits0References9
NVD
NVD
added 2006/04/05 10:4 a.m.13 views

CVE-2006-1621

Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter...

4CVSS6.3AI score0.0134EPSS
Exploits0References3
CVE
CVE
added 2006/04/05 10:0 a.m.51 views

CVE-2006-1621

CVE-2006-1621 describes a directory traversal vulnerability in Hosting Controller 2002 RC 1, affecting the admin/folders/saveuploadfiles.asp handler. The flaw allows remote authenticated users to overwrite arbitrary files by supplying an absolute path in the OpenPath parameter, enabling potential...

4CVSS6.4AI score0.0134EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2006/04/05 10:0 a.m.16 views

CVE-2006-1621

Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter...

6.3AI score0.0134EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/04/05 10:0 a.m.19 views

CVE-2006-1620

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...

6.6AI score0.02187EPSS
Exploits0References9
CVE
CVE
added 2006/04/05 10:0 a.m.49 views

CVE-2006-1620

The affected component is Hosting Controller 2002 RC1 (admin/accounts/AccountActions.asp). The vulnerability allows remote attackers to modify passwords for other users by abusing the Update User ActionType with a forged UserName and PassCheck=TRUE. This issue has been observed in 6.1 Hotfix 3.3 ...

5CVSS6.6AI score0.02187EPSS
Exploits0References9Affected Software1
securityvulns
securityvulns
added 2006/04/04 12:0 a.m.37 views

Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns &#40;PoC&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, i've found 2 vulnerabilities in Hosting Controller that allows remote authenticated users to change every user password or upload files in every directory. Here are the PoC: This allows to modify passwords: form...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2006/04/04 12:0 a.m.22 views

HostingController.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, i've found 2 vulnerabilities in Hosting Controller that allows remote authenticated users to change every user password or upload files in every directory. Here are the PoC: This allows to modify passwords: Username: Name: ChangePass type true:...

7.4AI score
Exploits0
Prion
Prion
added 2006/03/14 7:6 p.m.17 views

Sql injection

SQL injection vulnerability in search.asp in Hosting Controller 6.1 Hotfix 2.9 allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5CVSS8.8AI score0.01214EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder