Vulnerabilities > Hosting Controller > Hosting Controller > 6.1.hotfix.2.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-22 | CVE-2006-3147 | Privilege Escalation vulnerability in Hosting Controller Addreseller.ASP Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. | 6.5 |
2006-04-13 | CVE-2006-1764 | Information Disclosure vulnerability in Hosting Controller Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. | 7.8 |
2006-02-08 | CVE-2006-0581 | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.8 SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp. | 6.5 |