Vulnerabilities > Hosting Controller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-08-12 | CVE-2002-0774 | Unspecified vulnerability in Hosting Controller Hosting Controller Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. | 10.0 |
| 2002-08-12 | CVE-2002-0773 | Unspecified vulnerability in Hosting Controller Hosting Controller imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath. | 10.0 |
| 2002-08-12 | CVE-2002-0772 | Directory Traversal vulnerability in Hosting Controller DSNManager Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. | 6.4 |
| 2002-08-12 | CVE-2002-0466 | Directory Traversal vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1 Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | 5.0 |
| 2002-08-12 | CVE-2002-0465 | Unspecified vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1 Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. | 10.0 |
| 2002-08-12 | CVE-2002-0464 | Unspecified vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1 Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. | 6.4 |
| 2002-05-16 | CVE-2002-0212 | Information Disclosure vulnerability in Hosting Controller The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack. | 7.5 |