Vulnerabilities > Hosting Controller
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-20 | CVE-2007-6494 | Improper Input Validation vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | 10.0 |
2006-12-29 | CVE-2006-6814 | Directory Traversal vulnerability in Hosting Controller Hosting Controller 7C Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. network hosting-controller | 6.3 |
2006-10-31 | CVE-2006-5630 | Remote Security vulnerability in Hosting Controller Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. | 7.5 |
2006-10-31 | CVE-2006-5629 | SQL Injection vulnerability in Hosting Controller Hosting Controller Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. | 7.5 |
2006-06-22 | CVE-2006-3147 | Privilege Escalation vulnerability in Hosting Controller Addreseller.ASP Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. | 6.5 |
2006-04-13 | CVE-2006-1764 | Information Disclosure vulnerability in Hosting Controller Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. | 7.8 |
2006-04-05 | CVE-2006-1621 | Directory Traversal vulnerability in Hosting Controller Hosting Controller 2002Rc1 Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | 4.0 |
2006-04-05 | CVE-2006-1620 | Remote vulnerability in Hosting Controller Hosting Controller 2002Rc1 admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. | 5.0 |
2006-03-14 | CVE-2006-1229 | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.9 SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2006-02-08 | CVE-2006-0581 | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.8 SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp. | 6.5 |