Vulnerabilities > David Ravenscroft

DATE CVE VULNERABILITY TITLE RISK
2006-03-14 CVE-2006-1235 Directory Traversal vulnerability in David Ravenscroft Hithost 1.0.0
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable.
network
low complexity
david-ravenscroft
5.0
2006-03-10 CVE-2006-1144 Cross-Site Scripting vulnerability in David Ravenscroft Hithost 1.0.0
Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.
network
high complexity
david-ravenscroft
2.6