9 matches found
CVE-2007-6497
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an...
CVE-2007-6501
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp...
CVE-2006-5629
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and...
CVE-2006-5630
CVE-2006-5630 affects Hosting Controller 6.1 before Hotfix 3.3. The vulnerability enables remote deletion of a site’s virtual directory by tampering with the ForumID in DisableForum.asp, and creation of an arbitrary forum virtual directory via an empty ForumID in EnableForum.asp. Root cause: impr...
CVE-2006-5630
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum...
CVE-2006-5629
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and...
CVE-2006-5629
Summary of CVE-2006-5629 (CVELIST/NVD): The vulnerability affects Hosting Controller 6.1 before Hotfix 3.3. It arises from inadequate sanitization of the ForumID parameter in two ASP scripts, EnableForum.asp and DisableForum.asp, allowing an unauthenticated attacker to inject SQL via the ForumID...
Hosting Controller 6.1 Hotfix 3.2 - Access
Hosting Controller 6.1 Hotfix 3.2 - Access Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Dat...
CVE-2006-1620
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...